Monday, September 10, 2007
I'm back after a long weekend and I got screwed by some script-kiddy
I managed to take a few days off for the weekend, but I'm back and thought I'd write a few notes about what NOT to do as a network administrator.
Since I was going to be home for the weekend, I wanted to be able to log in and check my email, do some work if I had to, and in general just be able to have access to my work computer.
Thursday night, I tried to set up my router to forward the Terminal Service port to my server so I could log in remotely. As hard as I tried, I couldn't get a remote connection to work. So, being a lazy turd, I set up an open DMZ between my crappy DSL modem and my server (some of you know where this is going). To make matters worse, I'd just installed an unpatched version of SQL Server 2000 to work on an old application for a client. I'd also forgotten to install any SQL Server service packs.
The combination of an open DMZ to my server and an unprotected SQL Server install proved disastrous. When I got to the office this morning (a Monday, no less!), my entire network and internet interfaces were being POUNDED with traffic. It took a hacker less than 3 days to compromise my server, install MySQL on it, and start running all sorts of crap through my IP address.
Needless to say, I had a huge pile of nasty emails from network administrators and a stern note from my ISP when I got to work. It took half the day to get my network cleaned up and secured.
The lesson?
DON'T CREATE AN OPEN DMZ TO A SERVER WITH CRAPPY, UNPATCHED MICROSOFT SOFTWARE RUNNING ON IT!
Posted by The Google Watchdog at 6:12 PM