Re: Attack

From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 09/16/03


Date: Tue, 16 Sep 2003 17:08:33 GMT


On Tue, 16 Sep 2003 07:07:39 -0700, "Ranjan"
<ranjan_babu_g@hotmail.com> wrote:

>I feel some attack going on in my server.

Attacks are always going to occur. Successes are what you need to
worry about. :)

>How can i know attack happen to my iis server other than
>logs of IIS.Pls find the logs in w3svc1 .

Firewall logs, URLScan logs, IDS logs...
     
>we given natting to the iis server.Any way make the server
>secure form outside world other than firewall .

Other than a firewall? A firewall is you best first option. Beyond
that, access control lists in the router, IP blocking on the server
and hardening of the server should all be done.

>Can i go for ipsec .Pls give your suggestion to secure my
>server.

IPSec may help, but make sure you hardenn the server and lock down the
firewall first.

Jeff



Relevant Pages

  • Re: Event Security
    ... The firewall logs are the first place to look. ... firewall and windows system [ideally using an internet NTP server] and try ... If the user is using IIS to try the passwords, ...
    (microsoft.public.win2000.security)
  • Re: Strange WAN Activity
    ... > firewall logs for a possible TCP FIN scan that keeps ... > company's intranet server IP and its port 80 across our ... > My firewall is a Sonicwall Pro 200 and I'm running W2K ... It's difficult to be sure without inspecting the web server for signs of ...
    (microsoft.public.win2000.security)
  • Re: Winvnc hack! [25 KB]
    ... came in from a service such as IIS that logs IP address. ... Check your IIS ... Some firewall software such as ... You can also use the NETSTAT -A command that comes with Windows to look at ...
    (microsoft.public.win2000.security)
  • Re: Blocking attacks from spoofed IP addresses
    ... # some idiot playing with the ftp server ... blocking was simply to unclutter the logs. ... server to an obscure port. ... Firewall rules alone are all that are needed, so there is no reason to ...
    (comp.os.linux.networking)
  • Re: Port 25 Not Open, cant receive mail
    ... I'm not quite sure on which other logs I can check - The event logs just ... the server. ... I also ran a port scan from another PC on the network, ... If there's no 3rd party firewall, I'd run the CEICW one more time, paying ...
    (microsoft.public.windows.server.sbs)