I had recently posted a question concerning user accounts on XP. I got help looking for them, and found everything looked normal. However, I had downloaded Process Explorer from Sysinternals.com (for those who haven't heard of them, and need info on what tool I'm using). It has different options when you highlight entries in the lower pane. One of these is simply properties, and it shows two tabs, Details and Security.
When I click the Security tab, it shows users and their permissions. On way too many of these I've been finding "Everyone" as a user and then permissions such as Delete, Synchronize, Query State, Modify State and Special Permissions. This wouldn't worry me, except that McAfee Firewall has intercepted three "SYN Port Scan Attacks" this morning, and stopped numerous UDP and TCP packets both incoming and outgoing. And when I ran a neotrace on the IP address (18.104.22.168), it came from up in Canada. Info on it:
Registrant-no: 15771
Domaine-no: 414718
Subdomain: sympatico.ca
Renewal-Date: 2008/10/13
Date-Approved: 2000/10/02
Date-Modified: 2003/12/04
Organization: Bell Canada
Description: Bell Canada, the largest Canadian telecommunications operating company, markets a full range of state-of-the-art products and services to more than six million business and residential customers in Quebec, Ontario and parts of the Northwest Territories. ATTENTION To report any alleged illegal use forward email to email@example.com
Admin-Name: Van Tu Duong
Admin-Title: Domain Names & Trade-marks Manager
Admin-Postal: 1000 de La Gauchetiere West 4100 Montreal QC H3B 5H8 Canada
Admin-Phone: 1 514 7869356
Admin-Fax: 1 514 8704833
Admin-Mailbox: firstname.lastname@example.org
Tech-Name: DNS Administrator
Tech-Title: IS/IT Utility Support
Tech-Postal: Bell Canada 110 O'Connor Street Ottawa ON K1P 1H1 Canada
Tech-Phone: 1 800 5650567
Tech-Fax: 1 514 8704833
Tech-Mailbox: email@example.com
NS1-Hostname: dns1.sympatico.ca
NS1-Netaddress: 22.214.171.124
NS2-Hostname: dns2.sympatico.ca
NS2-Netaddress: 126.96.36.199
NS3-Hostname: ns5.bellnexxia.net
NS3-Netaddress: 188.8.131.52
NS4-Hostname: ns6.bellnexxia.net
NS4-Netaddress: 184.108.40.206
NS5-Hostname:
NS5-Netaddress:
NS6-Hostname:
NS6-Netaddress:
I know this isn't the place for looking for help on every little security problem that arises; the main thing I was looking for help with was just that "Everyone" entry. I just wanted to offer up the info in hopes it would help identify possible future threats to users' security.
Thanks again for this service; it helps very much.