Author: Cloud9Flyer Date: Aug 21, 2007 08:19
I am running Windows 2003 R2 and had the box compromised by a virus.
Symantec cleaned it all up I think, but I keep getting reinfections.
When I investigated the Windows firewall, it had been disabled.
Further, it appears that a group policy has been applied to it that I
can't edit.
When I open the firewall admin, I see an entry in the exceptions:
2941:TCP is allowed from all IPs. The problem is, I cannot edit it,
it's grayed out. Also, explorer.exe has been added to the list and is
also grayed out (that might have been there before though, I'm not
sure). In the exception config box, all entries do say group policy =
no. However, when I run "netsh firewall show state" it says "Group
policy version = Windows Firewall" which from what I'm reading, means
that it's using a group policy indeed. Also, when I run gpedit.msc
and go to Admin templates -> ... -> Windows Firewall, it indicates
"Not configured" for every entry.
Author: Leythos Date: Aug 21, 2007 10:37
>
> I am running Windows 2003 R2 and had the box compromised by a virus.
Unless you're just trying to clean it for the experience and fun, wipe
it and rebuild it.
There is no way to be sure that a machine is 100% clean using any
automated tools and certainly not by even a skilled network admin.
While I've cleaned some, I've never "certified" them as clean for
customers, and I never will. The only "SECURE" way to clean a
compromised box is to wipe (flatten) completely and rebuild in a clean
area.
You need to keep your servers behind a proper firewall too, do not
connect them without an appliance in front of them - and I'm not talking
some cheap NAT router that claims to be a firewall.
--
Author: Cloud9Flyer Date: Aug 21, 2007 11:04
I totally agree, normally. But regretfully we're dealing with a
horrible ISP that will take weeks to wipe the box. We also have no
clean area to do a reinstall in because it's remote. Also, it's
supposed to be behind a firewall, but I just don't think the ISP has
very strict rules on the firewall.
On Aug 21, 12:37 pm, Leythos wrote:
>> I am running Windows 2003 R2 and had...
Author: Leythos Date: Aug 21, 2007 18:10
> I totally agree, normally. But regretfully we're dealing with a
> horrible ISP that will take weeks to wipe the box. We also have no
> clean area to do a reinstall in because it's remote. Also, it's
> supposed to be behind a firewall, but I just don't think the ISP has
> very strict rules on the firewall.
Why are you using the ISP's hardware if they have shown they can't protect
the OS/apps?
Either get your own servers and firewall or find another ISP to host
your applications.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@ rrohio.com (remove 999 for proper email address)
Author: Cloud9Flyer Date: Aug 21, 2007 19:56
On Aug 21, 8:10 pm, Leythos wrote:
>> I totally agree, normally. But regretfully we're dealing with a
>> horrible ISP that will take weeks to wipe the box. We also have no
>> clean area to do a reinstall in because it's remote. Also, it's
>> supposed to be behind a firewall, but I just don't think the ISP has
>> very strict rules on the firewall.
>
> Why are you using ISP's hardware if they have shown they can't protect
> the OS/apps?
>
> Either get your own servers and firewall or find another ISP to host
> your applications.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum. ...