Archived from groups: microsoft.public.windowsnt.domain (More info?)
Was looking at a client's network this afternoon, behind a natted
CISCO with some other twists (no telnet enabled, hash p/ws,
some publics redirected to privates behind the router)
and suddenly, in Windows Explorer/network neigh. saw a
'rogue' DOMAIN... we have ONLY one domain, this 'new' one
appeared and, while in NT4 the trusts are more difficult,
I believe I determined that there was no 'trust' relationship.
But I could not rid our network of it "UNTIL" I disconnected
our T1 line... then it was gone instantly.
We made some changes to the router and passwords and enabled
more logging but ANYONE have ANY IDEA what kind of 'hack' that
could've been? Or even if it 'really' was a hack. Our password
complexity is very high, indeed we have even restricted the
administrator from NOT being able to access the 'sensitive'
data... but it kinda made me restless... Ideas gratefully
received. Thanks.
--
Rich "Doc" Colley
mailto: pc-dc-doc@nospam.comcast.net
Was looking at a client's network this afternoon, behind a natted
CISCO with some other twists (no telnet enabled, hash p/ws,
some publics redirected to privates behind the router)
and suddenly, in Windows Explorer/network neigh. saw a
'rogue' DOMAIN... we have ONLY one domain, this 'new' one
appeared and, while in NT4 the trusts are more difficult,
I believe I determined that there was no 'trust' relationship.
But I could not rid our network of it "UNTIL" I disconnected
our T1 line... then it was gone instantly.
We made some changes to the router and passwords and enabled
more logging but ANYONE have ANY IDEA what kind of 'hack' that
could've been? Or even if it 'really' was a hack. Our password
complexity is very high, indeed we have even restricted the
administrator from NOT being able to access the 'sensitive'
data... but it kinda made me restless... Ideas gratefully
received. Thanks.
--
Rich "Doc" Colley
mailto: pc-dc-doc@nospam.comcast.net