ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

new Services look like DSM but are they?

2004-07-13 08:03:40
Subject: new Services look like DSM but are they?
From: Martin Krauß <Martin.Krauss AT ITG.UNI-MUENCHEN DOT DE>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 13 Jul 2004 14:03:05 +0200 
Hello!
One of our file servers(W2K) was hacked last night, and I discovered some new services that were not there before. they have the names: "DomainName"\Scheduler and "DomainName"\Acceptor and point to the corresponding files in the DSM-directory. Both these services are started manually, and are not the ones installed by me. My question: Did DSM install them by itself? Or is it possible, that the hacker got in by exploiting some existing security hole and uses these Services as "camouflage"? 

Thank you in advance,

greetings,

Martin Krauß

--
********************************************
Martin Krauß
IT-Gruppe Geisteswissenschaften
LMU München
Ludwigsstraße 28
80539 München
Hotline: 2180 6400
Tel.:089 2180 1395
FAX: 089 2180 13543
Email: martin.krauss AT itg.uni-muenchen DOT de
********************************************
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: slow running windows 2000 client backup, Richard Sims
Next by Date:  Re: backup database command specifying tape volumes, Nicholas Cassimatis
Previous by Thread:  Sending events to TEC, Nicolas Savva
Next by Thread:  Re: new Services look like DSM but are they?, Jurjen Oskam
Indexes:  [Date] [Thread] [Top] [All Lists]