Yes, I want to learn something from this so want to find out what/how the access was obtained. I feel I have the computers as secure as Microsoft allows (WinXP Pro). I check for patches regularly (weekly). I have most built-in accounts disabled. The accounts all run at a regular user priviledge. This particular machine does act as a print server for my network, but I have anonymous access restricted and only allow authenticated connections. I restrict remote admin access, but not sure if it can be bypassed somehow. The kids do play the internet games and surf the funny video sites and I do have a teen that check web mail, but none of them are "supposed" to have access to install (ie regular user account). I have software firewalls (Symantec) running on the machine behind a Linksys router/firewall as my gateway. So far I haven't any spyware on the box, only attempts, when I run my nightly scans and review the logs files.
Since I didn't have my sniffer running at the time I really want to see if I can find out what happened and how it happened. I'm somewhat concern if my border device may possibly be compromised as well. Unfortunately Linksys is pretty limited on the abilities to manage the device. None of my other PC's on the network seem to show any indication of compromise, but again this one in particular is slightly less secure for the sharing of the printer. Any additional information is much appreciated. Thanks... Hopefully I'll be able to put the pieces together.
