SuperJc
03-27-2003, 07:34 AM
Hello everyone...
I have this little issue with Server Manager in NT4.
Every morning my PDC shows an opened IISRPC PIPE in write status; the user does not show, it is blank.
Here are the details:
Opened by:
For: Write
Locks: 0
Path: \PIPE\IIsrpc
Every morning I go in to Server Manager and see this, so I force it to close. It will stay closed for a period of time, but randomly it reappears and connects at various times in the day. Sometimes it will show to be gone for the entire work day and sometimes it comes back in a couple of hours or even minutes. I don't understand why this is happening, but I'm afraid there is a security compromise.
My PDC does not run any IIS software, it is just a file server and validates logons.
This does not happen on my BDC either. My BDC is not a web server either and does not have IIS4 on it.
I have a 3rd server that runs the web page, and it is a stand-alone and not part of the network, and this machine does have IIS4. This web server is an entirely separate machine with its own IP and not connected to the PDC and BDC.
Why is my PDC letting an IISRPC PIPE connect by an unknown user? How do I keep this from happening?
What I suspect is there is a trojan inside my network somewhere and some hacker gets in to make this connection in order to extract resources from my network. I don't know if this is possible though, it is just my guess.
There was one time I recall that showed 2 connections with no user name.
I do see in the NT services that the RPC is running. I'm not sure if I can disable it without affecting any other services that I may need for my users, or whether disabling will prevent an IISRPC from connecting.
Also, this network I work on has only had a firewall for about 2yrs now. Prior to our new firewall, we had been running 24hrs a day on the internet with no firewall for 2yrs+.
So for that number of years, I don't know what has happened in my network. I just know that I've had major problems in the past, but since putting in a firewall, things have been much more stable, though strange things are still happening in my network.
It took me a couple of years to convince my boss to put in a firewall. So, I don't know what kinds of trojans and viruses I have inside. My antivirus shows that I'm clean, but the network does not behave that way 100%.
Help !!!
Thank you.