Re: Help with possible hacker...
From: Joe Richards [MVP] (humorexpress@hotmail.com)
Date: 12/31/02
- Next message: Bryan: "unable to logon"
- Previous message: Joe Richards [MVP]: "Re: NTFS Security based on COmputer Account"
- In reply to: Tom Rossi: "Help with possible hacker..."
- Next in thread: Karl Levinson [x y] mvp: "Re: Help with possible hacker..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joe Richards [MVP]" <humorexpress@hotmail.com> Date: Tue, 31 Dec 2002 12:02:09 -0500
The IP's are not natively available in W2K. They will be in Dot NET Server.
You can install firewall software or IDS software to help get this info now.
-- Joe Richards www.joeware.net --- "Tom Rossi" <TomRossi7@yahoo.com> wrote in message news:cb00dd30.0212310622.4a922227@posting.google.com... > I continue to get a group of login failures every few days. The login > attempts spread all of the local accounts on one of my servers. I > cannot tell from the security log the IP address of the hacker. Is > there somewhere else I can look? Please help... > > Here is an example from the event log: > > 12/23/2002 12:18:25 PM Security Failure Audit Account Logon 681 NT > AUTHORITY\SYSTEM SERVERNAME The logon to account: MemProxyUser1 > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > from workstation: SPSERVER > failed. The error code was: 3221226036 > 1
- Next message: Bryan: "unable to logon"
- Previous message: Joe Richards [MVP]: "Re: NTFS Security based on COmputer Account"
- In reply to: Tom Rossi: "Help with possible hacker..."
- Next in thread: Karl Levinson [x y] mvp: "Re: Help with possible hacker..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
