Possible Intrusion!
Results 1 to 6 of 6

Thread: Possible Intrusion!

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    12

    Possible Intrusion!

    I have a couple of Q's to ask.
    First :when I read my Event Viewer in Win XP I see(security) Logon failure:unknown password or bad command at different times in the early morning. Im not typing it wrong, so is this me or someone trying to access my computer?
    Second:While running DC(direct Connect) when I would disconnect it would say I still had files being downloaded even though nothing was in the upload or download boxes.And with my cable connectionn I was getting horrible speeds.Was this my imagination or was someone connected to me?
    Final:When I connect to a server using [telnet>ip address>port
    (win XP)it would say telnet connecting to......connected and just black space.Now if I type anything it cant be seen....Why is that?And when I hit <return> twice then I get the time date server being used but it also kicks me off.
    Janine

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    there's a couple of things you need to be doing here.

    first install a firewall with logging like zonealarm or tiny. with tiny you have the option to log connections even of a type you allow.

    second get and install IP-tool from http://www.ks-soft.net/ip-tools.eng/ keep it running and keep an eye on it. it has a feature like netstat in a gui plus some tool to help you find out whos connecting to you.

    third the telnet client that comes with XP sucks youd be better of using the one that comes with 98 at least you can choose the option "echo on". of course youd be wise to not use telnet at all. get yourself an ssh server and use something like putty or get the latest version of pcAnywhere or even windows terminal server.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    1) Do you have any sort of program set up to run at a certain time at night, or after a certain amount of idle time? Sometimes, when programs run in Windows, they are run as administrator, though sometimes they give a message saying that the password is wrong. I don't know why this happens, but it may be worthwhile to look.

    2) This doesn't have to do with the slow cable connection, but often, in Windows, after doing a connection, the computer sees the client still connected, although it's not. This is often evident when using Windows File Sharing. I would avoid using Direct Connection... if you need to do a transfer, get a program dedicated to such transfers.

    3) Finally, regarding Telnet, it sounds like you're not connecting to the server properly. Try some public telnet servers (just search google for them). If you want to connect to servers via Telnet, I'd do as Tedob recommends, and go with a third-party program such as Putty, CRT, or SecureCRT (I personally prefer the latter because it connects to SSH servers, and it works great with my terminal server which I set up using Vshell).

    AJ

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Final:When I connect to a server using [telnet>ip address>port
    Sounds to me like you're telnet'ing to a HTTP server, which would do exactly what you describe.

  5. #5
    Member
    Join Date
    Dec 2002
    Posts
    88
    About the third Q:
    I won't say it seems to be a HTTP server because slarty already did. But in case you wondered, it is possible to retrieve webpages and gather information from webservers (even for malicious/probing purposes) using telnet. Try using
    GET ../.. 'HTTP 1.1'
    to get an invalid request response, and as a gift, the server it is running (IIS, Iplanet, apache..). The GET here is what is called method in the http (hypertext transfer protocol). There are othe methods, and a someone here has already written a tutorial on HTTP. Check it out if you are curious!

  6. #6
    Junior Member
    Join Date
    Jan 2003
    Posts
    12
    Thanks for all the help !
    Janine

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •