From: Kyle Buehler (kyle GRNDZERO.ORG)
Date: Mon Apr 02 2001 - 13:09:14 CDT
So here's the situation. I'm the "New IT Guys". There have been 3 before me, and I'm working on a Windows 2000 Server that has been set up via a tag team of consultants. I'm not a Microsoftie by nature, but I deal with it here and there and in Advanced Windows 2000 at school. *joke* Nonetheless, I'm getting into it. Anyway, here are some problems that are confusing me at the current moment ...
1. I did a security audit against the server using Nessus and it came back with ports 34555/udp, 27444/udp, 18753/udp, and 10498/tcp possibly running Trin00, Trin00, Shaft, and mstream respectively. I ran a few nmap scans against it and did not find the port open. netstat -an didn't yield any info either. I thought at first it was just catching normal traffic, but multiple scans have come out the same. Any idea what this could be? McAfee is up to date and running full scans once a night, and research shows that it should catch all the possible trojans.
2. Ports 6666 and 6667 are open also, but yield no warnings from Nessus. I know we are not running an IRC server, so is there any 2k service that claims those ports? Again, netstat didn't show anything useful.
In my scan I found that only SP1 had been applied and the server was in desperate need of netbios-ssn hotfixes since I'm not quite sure whether I have a cracker on my tail or not. I downloaded the required patches and applied them individually.
3. Is there a way to apply the patches without having to reboot every time? This is a server that takes 5-10 minutes for a full cycle. Once I applied the patches I ran my scans again and the "problem" hadn't been fixed. Am I doing something wrong just running them?
4. Nessus found /_vti_bin/_vti_aut/dvwssr.dll ... I read up on this, except I can't find it in the directory shown, and that file doesn't come up by name in a find. Does it have another alias or counterpart?
5. The server is running Exchange, and it allows open relaying which I am kind of concerned about. Currently the consultant is the one working the Exchange Setup (I plan to remedy that eventually), but where can I get some info on configuring something like that? Just looking at the Server Manager really looks like he got it working, and didn't go any farther than that.
Any help would be appreciated.
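
The cross-check the post describes (scanner results against `netstat -an` on the server), as an added example that is not part of the original message: it parses Windows-style `netstat -an` output and reports which of the ports named in the post are actually bound locally. The sample output is constructed, and TCP is assumed for 6666 and 6667 because the post does not give a protocol.

```python
import re

# Ports and agent names as reported in the post's Nessus results.
# Assumption: 6666/6667 are TCP (the post does not state the protocol).
FLAGGED = {
    ("udp", 34555): "Trin00",
    ("udp", 27444): "Trin00",
    ("udp", 18753): "Shaft",
    ("tcp", 10498): "mstream",
    ("tcp", 6666): "open per scan, no Nessus warning",
    ("tcp", 6667): "open per scan, no Nessus warning",
}

# Proto, local addr:port, foreign addr, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def bound_sockets(netstat_text):
    """Return {(proto, local_port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, _addr, port, _foreign, state = m.groups()
        proto = proto.lower()
        if proto == "tcp" and (state or "").upper() != "LISTENING":
            continue  # ESTABLISHED/TIME_WAIT rows are not listeners
        found.add((proto, int(port)))
    return found

def compare(netstat_text, flagged=FLAGGED):
    """Map each flagged (proto, port) to (label, bound_on_host)."""
    bound = bound_sockets(netstat_text)
    return {key: (label, key in bound) for key, label in flagged.items()}

# Constructed sample of `netstat -an` output, not taken from the post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:10498     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:27444          *:*
"""

if __name__ == "__main__":
    for (proto, port), (label, is_bound) in sorted(compare(SAMPLE).items()):
        status = "bound on host" if is_bound else "not bound on host"
        print(f"{port}/{proto:<3} {label:<34} {status}")
```

A port the scanner reports but the host does not show as bound is the disagreement the post describes; the local side of that comparison is only as reliable as the `netstat` binary and the system it runs on.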