OT Network problem

Yahoo Archive
1
I have a wireless internet connection with VPN
But I have a sonicwall Pro 200 firewall
I saw some FTP attempts and a sub seven attack dropped
My quality office is where one of the machines was in the log files
Two of the users in that office said when they walked in this morning
their machiens were already logged into the network

Guess what, its time to change your password
I have scanned the suspision machines and only found alexa nothing
more

Really strange
2
Anyone every seen a message in your event viewer like this?

Event Type: Success Audit
Event Source: Security
Event Category: (7)
Event ID: 642
Date: 3/23/2003
Time: 3:50:34 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER1
Description:
User Account Changed:
LASER-WS$
Target Account Name: MECO-INC.COM
Target Domain: S-1-5-21-471220583-1421367486-1233803906-1236
Target Account ID: SYSTEM
Caller User Name: NT AUTHORITY
Caller Domain: (0x0,0x3E7)
Caller Logon ID: -
Privileges: %8

Check out the time
3am
Our place is closed after midnight
I have three of these?



James Piper - Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: <mailto:admin@...> admin@...



[Non-text portions of this message have been removed]
3
Sounds like you had a visitor ...

-----Original Message-----
From: James Piper [mailto:admin@...]
Sent: Monday, March 24, 2003 9:26 AM
To: vantage@yahoogroups.com
Subject: [Vantage] OT Network problem


Anyone every seen a message in your event viewer like this?

Event Type: Success Audit
Event Source: Security
Event Category: (7)
Event ID: 642
Date: 3/23/2003
Time: 3:50:34 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER1
Description:
User Account Changed:
LASER-WS$
Target Account Name: MECO-INC.COM
Target Domain: S-1-5-21-471220583-1421367486-1233803906-1236
Target Account ID: SYSTEM
Caller User Name: NT AUTHORITY
Caller Domain: (0x0,0x3E7)
Caller Logon ID: -
Privileges: %8

Check out the time
3am
Our place is closed after midnight
I have three of these?



James Piper - Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: <mailto:admin@...> admin@...



[Non-text portions of this message have been removed]



Yahoo! Groups Sponsor

ADVERTISEMENT

<http://rd.yahoo.com/M=245454.2994396.4323964.2848452/D=egroupweb/S=17050071
83:HM/A=1457554/R=0/*http://ipunda.com/clk/beibunmaisuiyuiwabei>

<http://us.adserver.yahoo.com/l?M=245454.2994396.4323964.2848452/D=egroupmai
l/S=:HM/A=1457554/rand=829131372>

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]
4
Yea thats what bothers me
I can't find anything out about them


> Sounds like you had a visitor ...
>
> -----Original Message-----
> From: James Piper [mailto:admin@m...]
> Sent: Monday, March 24, 2003 9:26 AM
> To: vantage@yahoogroups.com
> Subject: [Vantage] OT Network problem
> been removed]
5
What kind of holes do you have in your network?

Internet connection?
Dial up RAS? ( Inbound )
Dial up Pc-Anywhere? ( Inbound )
Wireless nodes in your shop that are spilling over into your parking lots?
Fax machines that are network based?


-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Monday, March 24, 2003 9:29 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: OT Network problem


Yea thats what bothers me
I can't find anything out about them


> Sounds like you had a visitor ...
>
> -----Original Message-----
> From: James Piper [mailto:admin@m...]
> Sent: Monday, March 24, 2003 9:26 AM
> To: vantage@yahoogroups.com
> Subject: [Vantage] OT Network problem
> been removed]



Yahoo! Groups Sponsor

ADVERTISEMENT

<http://rd.yahoo.com/M=245454.2994396.4323964.2848452/D=egroupweb/S=17050071
83:HM/A=1457554/R=0/*http://ipunda.com/clk/beibunmaisuiyuiwabei>

<http://us.adserver.yahoo.com/l?M=245454.2994396.4323964.2848452/D=egroupmai
l/S=:HM/A=1457554/rand=885087139>

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]