really worried of being hcked 1

[Murugs]

Am I being hacked..
We have 2000 server (one PDC) and mixed windows OS clients with firewall protected.
All these days under- My network places - Entire Network - Microsoft Windows Network - We have our server name listed. But today there is one more listing with some name which we do not recognise. Clicking on that yields nothing.

Also to add up, one of the users complained on her Win ME she is getting some residential gateway device listed.
Is somebody trying to hack into our network.
Also we have a secure wireless network installed today in our office plus a wired one.
I am really worried..Could anyone assist me.

 

[kcostain]

Wow Murugs,

There is little information, but still some in the message you posted. I would not say from what you have posted that your being "hacked" exactly - but maybe that someone has been war-driving and testing out/ connecting to your wireless network. I think you ought to make sure your wirless network is really using a level of security that would avoid these types of connections.

You should add more information to this post - includign the network, Internet configuration, computer names, etc that might provide me (or others) a better idea of your configuration as well as more information about the problems yoru experiencing.

Hope this helps,
Kevin

 

[TekTippy4U]

Murugs;
Are you using a hub, router, switches or what?

http://www.practicallynetworked.com/networking/bridge_types.htm

Wireless info avaiable too..
Use a router as a hardware firewall when possible, don't rely on software NAT
Check out precationary measures here; (psst...turn on your cookie blocker)

http://www.practicallynetworked.com/sharing/

TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[satrow]

I think that any wireless network within range is likely to show up, certainly if it is insecure enough to broadcast its ID. If your network is secure and not broadcasting the ID, relax a little - take a notebook and wireless card out to look for the other network. MMmm.....fresh air!!

Using a tool like Network Stumbler from a wireless machine would tell you what devices are within range.

Maybe it is a 'history' thing - the machines 'remembering' a connection from the default settings on your new Access Point/Wireless Router?

As the others have said, more details would help.

Andy.

 

[Murugs]

Hello All
Thanx for the replies. Firstly I apologize for the spelling mistake in the subject of the post.

We have a secure wireless network with WEP enabled. Also we have a cisco pix frewall protecting our network and win 2000 server runs DHCP.

Lately we are receving some more problems from win98 and ME machines. When win98 users and win ME users start their machine in morning now it does not give the domain tab in the logon dialog box and they get username and password only. The logon script does not execute and they are not able to access their shared files. So I found a temp fix for this, but really cannot understand what is happening on. When the username/password box pops just press escape and itlogs in and now if you do logoff user, it gives the username password and domain tabs in order. Sorry If I am confusing here.

regards
Muru

 

[TekTippy4U]

From what you describe..seems to be 2 separate network Logons going on...(Is the first prompt a Windows Logon screen or Network Logon??)...Do you happen to have tweakui installed on the 98/ME boxes?
Recently installed software on the boxes??

also WEP is not that secure, though you can test you're AP range and see if you're broadcast is vulnerable that way.....

Also, some routers have a packet grabbing technique, so you can view the packets and determine if anything's out of order...see if the correct ones are going where they should be, etc...
I don't know if the tracert command is useful here or not.....not really a networker.



TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[noellees1]

I would start checking your systems with Antivirus as the problem seems to be spreading could be an infection.
Or it could be spyware (possible solutions are adaware, spybot etc)
These are only some guesses but i find a lot of problems are formed by malware and virus's.
Win 2K networks are targetted at the moment as 2003 (i think) has better protection features

 

[dbMark]

If the network and Windows passwords are not identical, then you can get two login screens, but you can synchronize them at Start, Settings, Control Panel, Passwords.

I wonder if you don't have a different problem here regarding login windows. Do you use DHCP? If so, then from a DOS window type this to reset the DHCP settings:

for Windows 98, 98se, Millennium:

IPCONFIG /release_all
IPCONFIG /renew_all

for Windows XP:

IPCONFIG /release
IPCONFIG /renew

- dbMark

 

[Murugs]

Tektippy:
First prompt is always a network logon screen and second is windows logon. I will try to synchronize the same.

Also my knowledge is WEP is the only security system for the access point..Will read more documentation on how to secure wireless networks.

noellees1: Thx for the tip.. We have uptodate antivirus and spybot running.

dbMark: Yes..we use DHCP..will try releasing the IP address.

General Questions:
1) Under Network Places - Microsoft Windows Network there are 2 networks shown out of which one is active and other is redundant or not in use. How do I make it not to appear from my system. Even a restart does not help.

2)Reg DHCP - DHCP server assigns IP randomly. Is there anyway to streamline the assigning. i.e If 10.0.0.102 is present, go to 103 else go 104 etc?

 

[TekTippy4U]

Hi Murugs;

You probably have to "Un- Bind" the Network Component(s)...start here for explanation;

http://grc.com/su-bondage.htm

Start page for all Internet/Networking vunerabilities;

http://grc.com/default.htm

(I know you're more concerned with the Network than Internet, just thought I'd throw it out there, with the site having a ton of info and good stuff..

You can check any port by Port# here

http://grc.com/port_135.htm

Also...In 98, you can Start/Run WINIPCFG and you'll be given all the Network info in the GUI form, and can Release/Renew from here as well....use More info button too. Right click on Title bar to Copy the info to clipboard..

You may have to delete all the *pwl files on the 98/ME boxes...View this;
Thread615-676788
also a forum member, "cdogg" has a FAQ (in this forum, concerning Windows Logon and Password prompts)that you can find and look at..

concerning the windows logon prompt..
Users applet and Password applet are needed looking at in Control Panel....as well as disabling/removeing certain Network components adapters/protocols/services/clients.

I'm not a good networker, so take what I say with a grain of salt,...just trying to give some options in the direction to look...

As far as streamlining the assignment of DHCP......I don't know..

It's odd the way you're Temporary workaround works...It almost seems like the User.dat has to be downloaded by the Network Server, hence the prompt, ..... "Before" you're allowed to the Windows logon...
Again not sure of this, as it is Win2K..

TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[TekTippy4U]

Have a look here too;

http://www.wown.com/j_helmig/w2kw95cn.htm

TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[TekTippy4U]

One more Murugs;
It the 2nd page , if you chose Win98 (instead ot WinNT)at the bottom of first page..

http://grc.com/su-rebinding9x.htm

some text from there;
<snip>
All versions of Windows 9x have an annoying bug that causes installed network components without any bindings to "disappear" from the Network properties listing. This occurs even though they are still installed and functioning! Subsequent reconfiguration becomes difficult since the component's listing has disappeared and this disappearing trick will mislead and confuse anyone who later attempts to examine the system's configuration. Microsoft has presumably never even noticed this bug.

Since they bind everything to everything by default ...
. . . there's probably never been a situation where a network component was given the opportunity to float off into the sunset after being cut loose from all of its neighbors!
<end snip>

TT4U

Notification:
These are just &quot;my&quot; thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[TekTippy4U]

Murugs;
As i think more about it....(and yes, it's painful, and it burns....
Could it be the settings for the "Properties" of "Client for MS Networks" in Network Properties...
These can be a problem if not correct also

TT4U

Notification:
These are just &quot;my&quot; thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.

 

[Murugs]

Awesome Links...Thanks Tektippy. Here's the star.

 

[TekTippy4U]

As always..just trying to help..
(I wanna be able to post my rock band playing..and I have this quip that I only allow myself to do so, if the author resolves the issue.. ..so hope you can track down your prob and fix.....let us know too , as we'll all learn....thanks Murugs..

TT4U

Notification:
These are just &quot;my&quot; thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.