Re: pls help
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 03/13/03
- Next message: Frank: "Administrative Shares - Win2k Pro"
- Previous message: Karl Levinson [x y] mvp: "Re: A way to give Power Users ability to change IP?"
- In reply to: Huzaif: "pls help"
- Next in thread: Huzaif: "Re: pls help"
- Reply: Huzaif: "Re: pls help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Thu, 13 Mar 2003 16:10:58 -0500
Linksys routers can usually be configured to use syslog to capture the logs to a free syslog client on a computer, such as www.wallwatcher.com or www.kiwisyslog.com. I would recommend that, as this is going to be your best way of getting IP addresses going forward. [You are probably not going to get the IP addresses for the devices that already attempted to access your network.] www.sygate.com, www.kerio.com, www.agnitum.com and www.zonealarm.com are free firewall software that may also be useful.
It would seem that you have no firewall or your firewall is not blocking NetBIOS traffic. You would want to fix this. www.linksys.com and www.netgear.com have firewalls starting around $80 US. www.netscreen.com 5XP is a much better firewall starting around $550 US.
You'd also want to secure the computers on your network, especially the OWA / SMTP / IIS server or servers:
http://securityadmin.info/faq.htm#harden
To look for more information on potential hacking, see here:
http://securityadmin.info/faq.htm#hacked
http://securityadmin.info/faq.htm#re-secure
If you want to start getting advanced, you could also try learning how to use a sniffer:
http://securityadmin.info/faq.htm#sniffer
Or use Snort or another free or not-free software for intrusion detection:
http://securityadmin.info/faq.htm#ids
"Huzaif" <huzaif@ahmedgroup.co.uk> wrote in message news:uL7Ic$V6CHA.1732@TK2MSFTNGP12.phx.gbl...
hi all Gurus,
I have since yesterday had so many events in my security logs for users and workstations which are not even in my LAN
events are as follows .......every 3 minutes
***************************************
Event id : 681
category is account logon
The logon to account: ibm
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: ASYLUM
failed. The error code was: 3221225572
********************************************************************
The logon to account: cynthia
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: AGUPTA
failed. The error code was: 3221225572
********************************************************************
and all sorts of random users and computer names are coming up, so I have no idea what is happening and I can't even trace them, as this event log does not tell me the IP address. My server is behind a Linksys router, so no luck of professional logs and tracks, as I generally find people doing a port scan. So is there a way to catch from where in the world all this is happening from, and secondly how do I get the IP address of these people?
The server is hosting OWA and company website, and SMTP relay server which is another one next to it. I am not getting the same logs on the other server i.e. NS02
but NS01 is getting all the security logs as above..... pls help
Huzaif
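An added example, not part of either post: a small Python parser for exported event 681 descriptions in the format quoted above. It decodes the decimal error code (3221225572 is 0xC0000064, STATUS_NO_SUCH_USER) and summarizes the accounts and workstation names tried. The function names and the third sample entry are constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS values commonly seen in failed logons (event 681 logs them in decimal).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# \s+ between fields lets the pattern match one-line or multi-line exports.
EVENT_RE = re.compile(
    r"The logon to account:\s*(?P<account>\S+)\s+"
    r"by:\s*(?P<package>\S+)\s+"
    r"from workstation:\s*(?P<workstation>\S+)\s+"
    r"failed\. The error code was:\s*(?P<code>\d+)"
)

def parse_681(text):
    """Return one dict per event 681 description found in exported log text."""
    events = []
    for m in EVENT_RE.finditer(text):
        code = int(m.group("code"))
        events.append({
            "account": m.group("account").lower(),
            "workstation": m.group("workstation").upper(),
            "code_hex": f"0x{code:08X}",
            "status": NTSTATUS.get(code, "UNKNOWN"),
        })
    return events

def summarize(events):
    """Count failures per status and list distinct accounts and workstations."""
    return {
        "by_status": dict(Counter(e["status"] for e in events)),
        "accounts": sorted({e["account"] for e in events}),
        "workstations": sorted({e["workstation"] for e in events}),
    }

# Constructed sample: the two entries from the post, one line each, plus an invented third.
SAMPLE = """\
The logon to account: ibm by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: ASYLUM failed. The error code was: 3221225572
The logon to account: cynthia by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: AGUPTA failed. The error code was: 3221225572
The logon to account: admin by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: WKS01 failed. The error code was: 3221225578
"""

if __name__ == "__main__":
    print(summarize(parse_681(SAMPLE)))
```

The workstation name in an NTLM logon is supplied by the client, so it identifies nothing by itself; the source IP addresses still have to come from router or firewall logs such as the syslog capture recommended in the reply.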