Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Guest Account


  • Please log in to reply
No replies to this topic

#1 ComputerGroup

ComputerGroup

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 15 August 2011 - 01:14 PM

I am working to protect a Windows 2003 SBS. The server closes up shares claiming that there is another 2003 SBS server on the network. It is a 2 server system. The domain and network has 2 servers, this Windows 2003 SBS server and a Windows 2000 Server used to manage a FaxServe device. I am fighting a security problem, I can't tell how big it is. The noticable issues are:

[1]the server closes its shares claiming a second SBS server on the network
[2]the server closes its shares due to the cache memory pool being corrupt
[3]the server generates a new guest account object with administrator and RDP membership within a couple of hours of being deleted (Tried to harden the built in guest account by changing the name, logon and password and then re disabling it, the builtin account now stays disabled)

The running services appear to be reasonable. I have tightened down security so that only 3 accounts have rdp access. I'm not sure how to go after the problem in a production server. All thoughts appreciated!

Anti-Virus is McAfee SAS, Server is an HP ML 150, memory is light at 2 GB. 15 users, DHCP comes from SBS server. Server has one NIC card. Not much of a firewall, SMC cable interface does this duty. The network has PCs and MACs. The MAC based computers do not access the servers. I have attached a Hi-jackthis log. I've removed the obvious problems and made notations in the log. Would like any input as to how to attack this situation.

Attached Files


Edited by ComputerGroup, 15 August 2011 - 01:17 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users