Network Security Incidents

Re: Re: They got me!!!

Subject: Re: Re: They got me!!!
Date: 6 Apr 2006 14:21:29 -0000
Yes, I want to learn something from this so want to find out what/how the 
access was obtained. I feel I have the computers as secure as Microsoft allows 
(WinXP Pro). I check for patches regularly (weekly). I have most built-in 
accounts disabled. The accounts all run at a regular user privilege. This 
particular machine does act as a print server for my network, but I have 
anonymous access restricted and only allow authenticated connections. I 
restrict remote admin access, but not sure if it can be bypassed somehow. The 
kids do play the internet games and surf the funny video sites and I do have a 
teen that checks web mail, but none of them are "supposed" to have access to 
install (i.e. regular user account). I have software firewalls (Symantec) running 
on the machine behind a Linksys router/firewall as my gateway. So far I haven't 
any spyware on the box, only attempts, when I run my nightly scans and review 
the log files.

Since I didn't have my sniffer running at the time I really want to see if I 
can find out what happened and how it happened. I'm somewhat concerned if my 
border device may possibly be compromised as well. Unfortunately Linksys is 
pretty limited on the abilities to manage the device. None of my other PCs on 
the network seem to show any indication of compromise, but again this one in 
particular is slightly less secure for the sharing of the printer.

Any additional information is much appreciated.

Thanks...

Hopefully I'll be able to put the pieces together.
