Re: Brute force attack but no IP's in log??
From: Rob (mayan12@hotmail.com)
Date: 11/21/02
- Next message: x y: "Re: IS there a way to determine which dll is loaded and accessing the network?"
- Previous message: x y: "Re: Messenger Service Spam"
- In reply to: x y: "Re: Brute force attack but no IP's in log??"
- Next in thread: Karl Levinson [x y] mvp: "Re: Brute force attack but no IP's in log??"
- Reply: Karl Levinson [x y] mvp: "Re: Brute force attack but no IP's in log??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rob" <mayan12@hotmail.com> Date: Thu, 21 Nov 2002 09:47:10 -0500
Really no way of telling the IP in Event Viewer.?
Ok lets think about this.
You get the Machines name but not IP. hmmmmm
Why am I not surprised?
Oh well.
"x y" <x@y.com> wrote in message news:eRQVLzWkCHA.2460@tkmsftngp10...
>
> "Rob" <mayan12@hotmail.com> wrote in message
> news:eosTKgWkCHA.2848@tkmsftngp10...
> > I have set the audit level to log all failed logins but the stupis thing
> > doesnt show the IP of the attacker in the Event viewer /security.
> > Am I missing something here?
> > How do I get the actual IP of the attacker in the logs?
> > Is this a hidden feature?
> > Do I need a 3party software to track this? if so which one would you
> > recommend
>
> Yes, ideally a firewall. You'd then probably need to correlate the
separate
> log entries yourself using the timestamps in the two logs. Check out:
>
> http://securityadmin.info/faq.htm#4.31
> http://securityadmin.info/faq.htm#firewall
>
>
>
>
- Next message: x y: "Re: IS there a way to determine which dll is loaded and accessing the network?"
- Previous message: x y: "Re: Messenger Service Spam"
- In reply to: x y: "Re: Brute force attack but no IP's in log??"
- Next in thread: Karl Levinson [x y] mvp: "Re: Brute force attack but no IP's in log??"
- Reply: Karl Levinson [x y] mvp: "Re: Brute force attack but no IP's in log??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
