Re: Brute force attack but no IP's in log??
From: x y (x@y.com)
Date: 11/21/02
- Next message: x y: "Re: Messenger Service Spam"
- Previous message: Me: "Re: Trojan Horses Popular To The Malicious Hackers"
- In reply to: Rob: "Brute force attack but no IP's in log??"
- Next in thread: Rob: "Re: Brute force attack but no IP's in log??"
- Reply: Rob: "Re: Brute force attack but no IP's in log??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "x y" <x@y.com> Date: Thu, 21 Nov 2002 09:44:51 -0500
"Rob" <mayan12@hotmail.com> wrote in message
news:eosTKgWkCHA.2848@tkmsftngp10...
> I have set the audit level to log all failed logins but the stupis thing
> doesnt show the IP of the attacker in the Event viewer /security.
> Am I missing something here?
> How do I get the actual IP of the attacker in the logs?
> Is this a hidden feature?
> Do I need a 3party software to track this? if so which one would you
> recommend
Yes, ideally a firewall. You'd then probably need to correlate the separate
log entries yourself using the timestamps in the two logs. Check out:
http://securityadmin.info/faq.htm#4.31
http://securityadmin.info/faq.htm#firewall
- Next message: x y: "Re: Messenger Service Spam"
- Previous message: Me: "Re: Trojan Horses Popular To The Malicious Hackers"
- In reply to: Rob: "Brute force attack but no IP's in log??"
- Next in thread: Rob: "Re: Brute force attack but no IP's in log??"
- Reply: Rob: "Re: Brute force attack but no IP's in log??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
