Re: Netwatcher
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/23/03
- Next message: Tom: "Services.exe process using >90% CPU"
- Previous message: dev: "Re: Netwatcher"
- In reply to: dev: "Re: Netwatcher"
- Next in thread: dev: "Re: Netwatcher"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Dec 2003 00:41:03 GMT
Netmon is a packet capture program useful in analyzing network traffic at the packet
level, but I would not recommend it in his situation at least not as the first step.
Auditing of logon events should also show the computer name that is trying to access
his computer if it is on the lan . --- Steve
"dev" <devlpr@nospam.com> wrote in message
news:u6tIwsOyDHA.3888@tk2msftngp13.phx.gbl...
> What about Network Monitor?
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:4pLFb.113698$8y1.352120@attbi_s52...
> > I can't remember exactly what netwatcher does, but in W2K you can monitor
> active
> > sessions via Computer Management/shared folders/sessions. You can also
> enable
> > auditing of logon events for success and failure to see who is accessing
> or trying to
> > access your computer in the Event Viewer/security log. It is also possible
> to audit
> > access to folders/files after enabling auditing of object access, but the
> events in
> > the log are not very user friendly and there will be a lot of them
> [probably
> > thousands].
> >
> > http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
> >
> > Having said that, there are things you can do to protect yourself. Make
> sure your
> > ntfs permissions are hardened. For instance in a default installation the
> everyone
> > and users group may have excessive permissions on the root/drive folder.
> If they do
> > not need that much access, reduce them to read/list/execute and make sure
> that
> > permissions are correct on the folder for your personal files being shore
> to check
> > advanced permissions. First I would see the KB link below on how to reset
> W2K ntfs
> > permissions to default defined permissions, which you may want to do. Use
> a complex
> > password, protect it, and change it periodically. Never use you password
> on an
> > untrusted machine where someone may have installed a keyboard logger. If
> they are
> > taking over your computer, then they have administrator access. Check the
> membership
> > of the local administrator and power users group to see if it is what you
> expect and
> > change your administrator passwords now. You can also restrict access to
> your
> > computer over the network by modifying the "access this computer from the
> network"
> > user right assignment in Local Security Policy/security settings/local
> policies/user
> > rights. If you are referring to a domain controller, then you can not
> restrict that
> > user right or users can not logon to the domain. If you do not need to
> access or
> > offer shares or Computer Management remotely, then you could also disable
> file and
> > print sharing on your machine. Ipsec filtering can also be used to
> deny/allow access
> > to a computer in a fashion similar to a firewall by managing ip addresses,
> ports, and
> > protocols. --- Steve
> >
> > http://support.microsoft.com/?kbid=266118
> >
> > "danbug" <netwatch@danbug.com> wrote in message
> > news:020b01c3c8cf$987b51b0$a401280a@phx.gbl...
> > > I am looking for something in Win2k that will allow me to
> > > monitor network access the way Netwatcher does in Win95/98.
> > >
> > > I have a class full of students that are using hacker
> > > tools to gain access to my files and control my system. I
> > > need a way to find out which machine is doing this.
> > >
> > > TIA,
> > > danbug
> >
> >
>
>
- Next message: Tom: "Services.exe process using >90% CPU"
- Previous message: dev: "Re: Netwatcher"
- In reply to: dev: "Re: Netwatcher"
- Next in thread: dev: "Re: Netwatcher"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
