Re: Kerberos / IP address / event log
From: Steve (me@here.ca)
Date: 04/01/03
From: Steve <me@here.ca> Date: 1 Apr 2003 13:43:22 GMT
Hi Stuart,
To the best of my knowledge, W2K has no native way of capturing the
IP address when a client connects. When connections are made by a
client inside of your domain who is registered in DNS, you can quite
easily resolve their machine name to an IP. However, if the server
is connected to or attacked by a system outside of your domain or not
registered in DNS, the machine name will do no good whatsoever as it
cannot be resolved.
At my office we have managed to fix this by putting a software firewall
on the server and setting it to log all of the traffic we are interested
in. The firewall we use is Kerio Personal Firewall and it works
like a charm, plus it is very inexpensive.
Cheers,
Steve
skendric@fhcrc.org (Stuart Kendrick) wrote in
news:62dbf7f1.0303301845.1829c142@posting.google.com:
> Hi,
>
> I want to log the IP addresses of W2K clients requesting tickets from
> domain controllers (Kerberos KDCs). I don't see a way to do this.
>
> Is this possible? In the Event Log, I can see the NetBIOS names of
> machines whose users have mistyped their passwords (authentication
> failures) ... I don't care about that ... I want the IP addresses of
> machines which are authenticating (or, even, the IP address of the
> machine from which a user is requesting a Kerberos ticket, i.e. making
> an authentication request).
>
> --sk
>
> Stuart Kendrick
> FHCRC
>