How to wreck a computer via a vpn connection and administrator account ?

S

Skybuck Flying

Hi,

The question in short is: "How to wreck my own computer by loging into it
remotely via vpn connection with an administrator account" ;)

Most services are disabled etc (on the host which is windows xp)... ;)

Windows 98 <- vpn connection -> Windows XP
Bad Hacker Poor victim :)

Bye,
Skybuck.
 
T

Tom Che [MSFT]

Hi Skybuck,

Thank you for posting and this is Tom again. :)

From your post, my understanding of this issue is: How to wreck a computer
with Windows XP by logging into it remotely via VPN connection, when the
hacker having an Administrator Account of Windows XP is using Windows 98
client. If this is not correct, please feel free to let me know.

To be frank with you, I don't understand why you always suppose that your
Administrator Account had been stolen. The Administrator Account is
top-drawer for an administrator of a computer or a network, because this
account is sovereign in the computer or network. Therefore, the
administrator should do his best to protect his account, and had better not
empower anybody for anything unless he can be trusted totally.

To protect Administrator Account better:
--------------------------------------
1. Change the name - If you keep the name the same as the default, this
provides 1/2 of the information that an attacker needs to log on as the
account. You can change the name to obfuscate the account to novice
hackers, such as Mike Lee.

2. Reset the description - Since the description of the Administrator
Account states that it is the default Administrator Account, changing this
(or deleting it) will help protect it.

3. Create a "false" Administrator Account - There are many attackers that
are just looking for the name Administrator. So, if you create an account
that has no privileges and is even disabled, the attacker will not have a
chance to gain access to your network under this account.

4. Configure a complex password for the account - Observe the following
Password Rules:
- Must be 8 characters long at least.
- Must have at least 1 capital letter, 1 lower case letter, and 1 number or
punctuation, but no spaces.
- Cannot be based on your name, NetID, or on words found in a dictionary.
- Cannot be based on simple repeating patterns.

5. If you found any evidence that the Administrator Account had been
stolen, you must change the old password immediately.
--------------------------------------

Back to your question, if a hacker using Windows 98 logged on your Windows
XP with Administrator Account via VPN, he can full control all resources on
Windows XP, such as read and write even delete all files just with My
Network Places... Is this a "wreck" or not? ;)

I believe that actually you want to protect your computer, so please
protect your Administrator Account above all.

Have a nice weekend!

Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
 
S

Skybuck Flying

Ok, maybe I dont wanna wreck my computer.

Maybe I just wanna find out how to enable/disable things.

Currently I have no idea how to do that ?

Especially the services stuff...

As stated windows 98 doesn' have the mms console so how to proceed ?
 
T

Tom Che [MSFT]

Hi Skybuck,

Thanks for reply.

If you disable Remote Desktop and so on, it's really not easy to do
something dangerous in Windows 98 via VPN to your Windows XP. We cannot
remotely modify Services or GPO etc in Windows 98. Maybe it's safe now.
But, I'm not a hacker... Maybe they can do something other guys cannot...

Have a nice day!

Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Residential ISP VPN Provider 0
Login to VPN with limited user account and special rights ? 1
Wake up remote computer via RDC when on VPN 2
How many users/clients can connect to a VPN in Windows XP pro ? 3
Little problem: Can't stop "remote access connection manager" service after using vpn connections 1
Remote desktop hangs intermittently over VPN connection 1
VPN XP to SBS 2003 Connects ok but no files or folders displayed 3
Long Delay logging into domain via ADSL 2

Top