How they put a file into my server?? 4

[syskplim]

My Win2k server is attaching to ADSL. i have a firewall software (ZA) installed. But yet some one could put a file into my rootdir from the internet!! how could he/she do that??!!

Help!!

---->A fresher need help!<----

With kind regards.
syskplim@streamyx.com

 

[sidetracked]

Port 135-139 is open

MCSE 2K - MCSA 2K - NET+ - A+

Paul..

 

[NetIntruder]

Not necessarily.. do you have IIS installed on this server? Are you up to date on patches?

There are loads of exploits out to compromise a windows IIS server.

~Intruder~

"The Less You Do, The Less Can Go Wrong"

 

[Claudek]

Main way would be to use any web type service exploit running on that server - IIS most likely. Exploits to the OS is another way - should be ok if you patched up to latest service packs and hotfixes. As far as IIS goes, if you don't need it, turn it off, or lock it down -

http://www.microsoft.com/technet/security/chklist/iis5cl.mspx

Claudius (What certifications??)

http://www.iteq.com.au

 

[ricpinto]

Check also FTP, telnet etc. In Zone Alarm, goto Alert & Logs | Log Viewer, check it and most probably you can tell what's happening. Increase the 'View Only the Last ___ Alerts' box to see more entries. To block and unblock ports(tcp/udp) goto Firewall|Main|Custom|Internet Zone.

 

[syskplim]

thankx all.

i will try to get a latest patch to update it and check my ZA logs. i have just turned of its IIS service.

by the way, i need file sharing to these 2K server. may i turn off port 135-139, Sidetrack? How can they put that file into this server even they don't have any permission to log on?
i have checked if any 'server tool' had been installed but not found.

---->A fresher need help!<----

With kind regards.
syskplim@streamyx.com