Rogue broadcast publishing points in WMS9

Thread: Rogue broadcast publishing points in WMS9

Search this list only Search all lists
Rogue broadcast publishing points in WMS9
United Kingdom	2007-02-14 08:19:09
Hi Can onybody offer some help here. We are running WMS9 on 2003 Server SP1 in a load balance of 2 machines. Each machine runs only the OS and WMS and is behind our network firewall. At some point in the last 24 hours 2 rogue push broadcast publishing points were created, one on each machine, each with a different name! The Location in the Source for each is defines as "push" - without quotes. They were using a lot of bandwidth which is why our network services were alerted to this! We are reasonably confident that the machine(s) have not been compromised and that any accounts that are members of Administrators group on the machines have strong passwords. Does anyone have any ideas/suggestions as to how this exploit might have been achieved? TIA john -- john.smithed.ac.uk phone: + 44 (0) 131 650 6915 Media Services (WAMS), Information Services ------------------------------------------------------------ ---- Users Guide http://DISCUSSMS.HOSTING.LSOFT.COM/archives/mailfaq.html contains important info. Save time, search the archives at http://DISCUSSMS.HOSTING.LSOFT.COM/archives/index.html . To unsubscribe, mailto:WMTalk-signoff-requestDISCUSSMS.HOSTING.LSOFT.COM

Re: Rogue broadcast publishing points in WMS9
	2007-02-14 09:36:07

hello, my name is alfred, please i dont stand english very good, if you can write in spanish please?   Alfredo Añì Martìnez Tecnico de Informàtica de la Facultad de Ciencias Mèdicas "Sofiel Riveròn Lòpez" T-2 Jaguey Grande, Matanzas, Cuba. Tlf.: 95-87-00 -----Original Message----- From: John Smith <john.smithED.AC.UK> To: WMTalkDISCUSSMS.HOSTING.LSOFT.COM Date: Wed, 14 Feb 2007 14:19:09 +0000 Subject: Rogue broadcast publishing points in WMS9 Hi Can onybody offer some help here. We are running WMS9 on 2003 Server SP1 in a load balance of 2 machines. Each machine runs only the OS and WMS and is behind our network firewall. At some point in the last 24 hours 2 rogue push broadcast publishing points were created, one on each machine, each with a different name! The Location in the Source for each is defines as "push" - without quotes. They were using a lot of bandwidth which is why our network services were alerted to this! We are reasonably confident that the machine(s) have not been compromised and that any accounts that are members of Administrators group on the machines have strong passwords. Does anyone have any ideas/suggestions as to how this exploit might have been achieved? TIA john -- john.smithed.ac.uk phone: + 44 (0) 131 650 6915 Media Services (WAMS), Information Services ---------------------------------------------------------------- Users Guide http://DISCUSSMS.HOSTING.LSOFT.COM/archives/mailfaq.html contains important info. Save time, search the archives at http://DISCUSSMS.HOSTING.LSOFT.COM/archives/index.html . To unsubscribe, mailto:WMTalk-signoff-requestDISCUSSMS.HOSTING.LSOFT.COM

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )