System Security (and Network security)

mag1caltrev0r · 24 Jan 2006 at 14:22

I've just discovered that one of our servers has been used to store P2P movie files. I'm very concerned about how this happened.

Can a system security guru please advise me on any software packages out there that i could use to find out:

- Who created the files
- Which machine they were created/copied from
- IP address
- Any other useful information?

I'd like to be able to prove if the files were put there from outside our corporate network or from within.

Thanks

derbyjake · 24 Jan 2006 at 15:04

better in the networking forum i would have thought

BigDom · 24 Jan 2006 at 15:15

Whilst derby is right - some additional details will be helpfull such as what software is on the server, which OS it is, what is the network topology etc.

mag1caltrev0r · 24 Jan 2006 at 16:18

Update:

Your right it should have been in the networks section!

We've discovered that there was a network share open to the internet via FTP, turns out that the folders have been 'tagged' which stops us deleting them. I've since discovered how to do this.

Basically some good for nothings have been hosting files on our server and sharing them through a vulnerable FTP link!

Thanks anyway guys but it's sorted now!

derbyjake · 24 Jan 2006 at 16:26

thats not *** some people hey,

av u secured it all up know ?

mag1caltrev0r · 24 Jan 2006 at 17:13

Yes it's sorted now. There are loads of nested folders all about 5/6 deep that can't be deleted by Windows due to something called 'tagging'. I don't really understand but I've downloaded a program called JRTS - Delete FXP Files that can actually delete the folders. Unfortunately I have to delete each individual folder manually and it can't be done at a higher level in the folder structure!

It's a ******* nightmare!! A bit stressy right now! :mad:

I hope the hackers burn in hell! -- Just like to point out I didn't mean 'Hackers' as in Computer Programmers!

I mean the evil types!

No swearing, read the FAQ.

Otacon

Andyt_uk · 24 Jan 2006 at 20:00

if your an admin cant you just take ownership of the folders, this should also tell you who put them there as well. Right click the folders, properties, security, advanced, ownership tab i believe

mag1caltrev0r · 25 Jan 2006 at 10:01

It's strange, the Administrator group had ownership of the files as they'd used an admin account. I don't fully understand all that stuff as I'm not Sys Admin as such, I'm actually the Oracle DBA.