Event Security
From: Michael J. Demirdjian (flu_shot@bigfoot.com)
Date: 10/17/02
- Next message: Guy Lee: "Re: UTILITY TO DELETE HACKED DIRECTORY"
- Previous message: Wayne Calhoun: "Defrag Permissions on Standard User"
- Next in thread: Karl Levinson [x y] \(MVP\): "Re: Event Security"
- Reply: Karl Levinson [x y] \(MVP\): "Re: Event Security"
- Reply: Johnson Huge: "Event Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michael J. Demirdjian" <flu_shot@bigfoot.com> Date: Thu, 17 Oct 2002 08:52:10 -0400
Hi There,
We have a customer with a Windows 2000 Server and IIS, and it seems someone
is running a tools to try to guess the password because. The event viewer
kicks out a failed security audit every 3 seconds, and there is about 30
failed audits with random user names. This happens once or twice a
day.
The server sits behind a firewall but how can we get the IP Address of the
hacker preferably using the Windows 2000 server (event) audit service? Is
there a way to track this hacker?
The events id that kicks is something like 529 but there is no IP address.
You can tell the tool they are using is crude because of the type of
user names and domains it tries, but I still want to catch this person and
report
them!
Any help
Thanks
Mike
- Next message: Guy Lee: "Re: UTILITY TO DELETE HACKED DIRECTORY"
- Previous message: Wayne Calhoun: "Defrag Permissions on Standard User"
- Next in thread: Karl Levinson [x y] \(MVP\): "Re: Event Security"
- Reply: Karl Levinson [x y] \(MVP\): "Re: Event Security"
- Reply: Johnson Huge: "Event Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
