Re: Can Somone Tell Me If We Have a Hacker?
- From: "Steven Burn" <somewhere@xxxxxxxxxxxxxxx>
- Date: Tue, 27 Jun 2006 22:49:22 +0100
As far as passwords go, the smallest I'll even consider using is 25 chars
(alpha/num/spchar), but that's just me ..... (any less and I don't feel
comfortable)
As far as IDS, the ISC (Internet Storm Center) ladies and gents seem to love
Snort ....
http://www.snort.org/dl/binaries/win32/
An additional and very useful app is a freeware packet monitor called "What
Is Transfering"
http://www.wfshome.com
Gives you the packet's contents (Hex and text), port accessed (local and
remote - for what it's worth) and the corresponding IP ....
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"razor" <razor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A9FDA3C4-9A81-46ED-81C2-23BBA3D08AEF@xxxxxxxxxxxxxxxx
I wish we could track the IP, but it is not in the logs and we currently
don't have any IDS or other tools to track that--unless there is something in
W Server 2003 that we don't know about. Our Cisco Pix 515e firewall does not
track IPs either.
Thanks for the insight into the odds of breaking our password. Those are
pretty good odds in our favor.
sd
"GobLox" wrote:
Keep in mind that changing passwords often only really protects you from
someone on the inside or someone who has already broken the password. In the
second case, chances are it's too late then. Dictionary attacks? Put a number
or two in there and you are safe... Brute force? Glance at your logs - with a
6-8 character password the odds are on your side Considering a 6 Letter
password is 30Million combinations? You've got time to notice a brute-force
attack and just ban the IP rather than "firewall" your FTP AKA "disable the
FTP server" which is probably not an option.
"Steven Burn" wrote:
Been getting quite a few of these myself ..... everything from IIS to FTP to
SMTP (most common is my SMTP server). As with yourself however, I tend to
use quite complex pw's that are changed twice daily.
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"razor" <razor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7BF4A62E-0BE8-4A57-AD23-147AA71AB5C3@xxxxxxxxxxxxxxxx
Hello--
I am pasting an event log from our IIS/web server that repeats about 50
times every day during non-business hours. Our SQL administrator seems to
believe that someone is trying to hack into our system via FTP.
Can someone tell me if the below is a hacker, and what we can do about it?
Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 6/25/2006
Time: 12:45:25 PM
User: N/A
Computer: PWARDELLIIS
Description:
The server was unable to logon the Windows NT account 'Administrator' due to
the following error: Logon failure: unknown user name or bad password. The
data is the error code.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 00 00 ....
Many thanks,
sd
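
The Data bytes in the posted event, 2e 05 00 00, read as a little-endian DWORD give 0x52E = 1326, the Win32 ERROR_LOGON_FAILURE code. The following Python is an added example, not written by anyone in this thread: it parses events pasted in that layout and counts bad-password failures per account outside an assumed 08:00-18:00 business window. The function names, the second and third sample events and the 'backup' account are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

ERROR_LOGON_FAILURE = 1326  # 0x52e in winerror.h
# Constructed sample: the first event copies the posted one, the rest are invented.
SAMPLE = """\
Event Source: MSFTPSVC
Event ID: 100
Date: 6/25/2006
Time: 12:45:25 PM
Description: The server was unable to logon the Windows NT account 'Administrator' due to the following error: Logon failure: unknown user name or bad password.
Data: 0000: 2e 05 00 00

Event Source: MSFTPSVC
Event ID: 100
Date: 6/26/2006
Time: 2:10:07 AM
Description: The server was unable to logon the Windows NT account 'Administrator' due to the following error: Logon failure: unknown user name or bad password.
Data: 0000: 2e 05 00 00

Event Source: MSFTPSVC
Event ID: 100
Date: 6/26/2006
Time: 2:10:09 AM
Description: The server was unable to logon the Windows NT account 'backup' due to the following error: Logon failure: unknown user name or bad password.
Data: 0000: 2e 05 00 00
"""

def decode_data(dump):
    """Turn '0000: 2e 05 00 00' into the little-endian DWORD error code."""
    return int.from_bytes(bytes.fromhex(dump.split(":", 1)[1].replace(" ", ""))[:4], "little")

def parse_events(text):
    """Return account, timestamp and error code for each MSFTPSVC event 100."""
    events = []
    for block in text.strip().split("\n\n"):
        f = dict(line.split(": ", 1) for line in block.splitlines())
        if (f.get("Event Source"), f.get("Event ID")) != ("MSFTPSVC", "100"):
            continue
        account = re.search(r"account '([^']+)'", f["Description"]).group(1)
        # Assumes US-style month/day/year dates, as in the posted event.
        when = datetime.strptime(f"{f['Date']} {f['Time']}", "%m/%d/%Y %I:%M:%S %p")
        events.append({"account": account, "when": when, "code": decode_data(f["Data"])})
    return events

def off_hours_failures(events, start=8, end=18):
    """Count bad-password failures per account outside start..end o'clock."""
    return Counter(e["account"] for e in events
                   if e["code"] == ERROR_LOGON_FAILURE and not start <= e["when"].hour < end)
```

Failures against an account name that does not exist on the server, such as the constructed 'backup' here, indicate guessing rather than a user mistyping a password.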