Ask the Expert

Systems under attack from automatic tools

On our Remote Access Service (RAS) server and our VPN server -- which also is a RAS server -- the following behaviors have occurred. Both machines are Win2k server, SP3:

I can't open the event properties window for any of the events in event logs. When I log into the machine, the desktop takes a long time to load. In computer management, when trying to open disk management, this error appears: "The RPC server is unavailable."

When I click OK, this message appears on the status bar of disk management: "FAILED connection to Logical Disk Manager service."

When trying to open My Network Places, no items are displayed.

The items in the control panel and the bar which displays the column name (i.e. name, comment) are shifted to the leftmost side of the window. Three quarters of the window, from right, is only white space.

In the event log and application logs, EventSystem ID 4097 keeps appearing.

I should mention that on both machines, when I logged in for the first time this morning, I saw similar advertisement pop-ups with the exact same content that was sent to us from outside of the company network.

What is causing all these issues?

Quick -- get these systems behind a firewall! At the very least, install a software firewall on both systems. Unfortunately, Windows 2000 doesn't have anything adequate built in (though Windows Server 2003 does).

Your systems are definitely under attack. Most likely, the attackers are automated tools, and you're not specifically being targeted. Your systems may be infected. So after you get them behind a firewall, you need to install some anti-virus software. Better yet, wipe them clean and rebuild them.

This was first published in September 2003
