Network Hacked

I service a business with 40 computers that was blocked from Internet access by one PC. The event error read: "The master browser has received a server announcement from the computer TCTRUCKS6-DT that believes that it is the master browser for the domain on transport NetBT_Tcpip~". The network restored after that computer was shut down. It is a peer-to-peer network. The only servers are 3rd party programs. Nobody was physically using the problem PC on the day that this occurred. I noticed that the antivirus (Viper Enterprise, which is the strongest I've seen) was reconfigured just prior to shutdown. The static IP was removed & the workgroup was changed to the default WORKGROUP, but that could have been done by the user previously. It is working normally so far today. I notice in the Windows log that special privileges were assigned to a new logon many times on this & other PCs. What should I do at this point to track this down & prevent recurrence?
Albatross1953 Asked:

Neil Russell, Technical Development Lead, Commented:
Nothing that you have stated implies that you were hacked in any way, shape or form. The Master Browser message is a bog standard Windows occurrence.

Windows logs with special privs? Well, unless we can see examples of the logs and exactly what it said, we have no idea what was going on. Again, assignment of special privs to an account can be a normal everyday occurrence.

Some more details and logs would be useful.
0
Albatross1953 Author Commented:
Why would one computer believe it is the master browser for the domain and block all the others? What logs do you need to see?
0
Neil Russell, Technical Development Lead, Commented:
OK, first off, you need to understand what the Master browser is, as your questions lead me to believe that you have no understanding of the concept.

I would suggest that you start by doing a quick Google search and looking for "What is the master browser in Windows".

Like I said, it is standard in Windows and not an error or to be unexpected. You will learn far more with a quick Google and a read of the subject than you will in being given a quick 2 minute answer on here.

An example would be Microsoft's own TechNet article here: Master Browser

As to what logs? You said that you saw issues in the logs with security privs, might be a good place to start.
0

Albatross1953 Author Commented:
I'm surprised that is not in my A+, Network+ or Server+ books. It explains many things, except why the whole network could not use the Internet until the Master Browse Server was shut down. It also was one of only a few computers on that workgroup. I couldn't even ping 8.8.8.8.
0
Neil Russell, Technical Development Lead, Commented:
Quite possibly it was the IP address of it that clashed with your gateway/router. The master browser service would not cause that. That was just a red herring throwing you off the scent.
0
Albatross1953 Author Commented:
One last thing is that the assigning of the Master Browse server was logged as an error (red flag) in Event Viewer over 30 consecutive times on the other computers.
0
Neil Russell, Technical Development Lead, Commented:
Always is. There are LOTS of MS errors that are logged that are not errors as such.

What exactly is "An Unknown error has occurred"? After all, if it was known and expected, it would not be an error, surely? :P

Experience and Google is always the best friend of the event log reader.
0
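
One way to collect the log detail asked for in this thread, as an added example that is not part of the original posts: a PowerShell sketch that summarises "Special privileges assigned to new logon" events (Security event ID 4672) per account and lists the ones that do not belong to built-in service identities. The one-week window and the set of SIDs treated as routine are assumptions; run it from an elevated prompt on the PC being examined.

```powershell
# Added example: summarise Security event 4672 ("Special privileges assigned
# to new logon") per account, so routine service logons can be told apart
# from logons that deserve a closer look. Requires an elevated prompt.

$Since = (Get-Date).AddDays(-7)          # assumption: one-week look-back

# Assumption: well-known SIDs of built-in service identities that
# receive special privileges at every boot or service start.
$RoutineSids = @(
    'S-1-5-18',   # LOCAL SYSTEM
    'S-1-5-19',   # LOCAL SERVICE
    'S-1-5-20'    # NETWORK SERVICE
)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4672
    StartTime = $Since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the named fields from the event XML rather than by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        Account    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Sid        = $data['SubjectUserSid']
        LogonId    = $data['SubjectLogonId']
        Privileges = ($data['PrivilegeList'] -split '\s+' | Where-Object { $_ }) -join ','
    }
}

# Per-account counts: SYSTEM and the service accounts normally dominate.
$rows | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Everything else, newest first. S-1-5-90-* (Window Manager) and
# S-1-5-96-* (Font Driver Host) are also treated as routine here.
$rows | Where-Object { $_.Sid -notin $RoutineSids -and $_.Sid -notmatch '^S-1-5-9[06]-' } |
    Sort-Object Time -Descending |
    Format-Table Time, Account, LogonId, Privileges -AutoSize -Wrap
```

The LogonId of any row that stands out can be matched against the logon event 4624 recorded at the same time to see the logon type and where the logon came from.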