Q

Systems under attack from automatic tools

On our Remote Access Service (RAS) server and our VPN server -- which also is a RAS server -- the following behaviors have occurred. Both machines are Win2k server, SP3:

I can't open the event properties window for any of the events in event logs. When I log into the machine, the desktop takes a long time to load. In computer management, when trying to open disk management, this error appears: "The RPC server is unavailable."

When I click OK, this message appears on the status bar of disk management: "FAILED connection to Logical Disk Manager service."

When trying to open My Network Places, no items are displayed.

The items in the control panel and the bar which displays the column name (i.e. name, comment) are shifted to the leftmost side of the window. Three quarters of the window, from the right, is only white space.

In the event log and application logs, EventSystem ID 4097 keeps appearing.

I should mention that on both machines, when I logged in for the first time this morning, I saw similar advertisement pop-ups with the exact same content that was sent to us from outside of the company network.

What is causing all these issues?

Quick -- get these systems behind a firewall! At the very least, install a software firewall on both systems. Unfortunately, Windows 2000 doesn't have anything adequate built in (though Windows Server 2003 does).

Your systems are definitely under attack. Most likely, the attackers are automated tools, and you're not specifically being targeted. Your systems may be infected. So after you get them behind a firewall, you need to install some anti-virus software. Better yet, wipe them clean and rebuild them.

This was first published in September 2003
