Re: Enabling logging on IPC$ share ?
From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/15/04
- Next message: Marina Roos [SBS-MVP]: "Re: DHCP not assigning IP Addresses"
- Previous message: Steven Umbach: "Re: How safe am I behind ISA Server"
- In reply to: Kazil: "Enabling logging on IPC$ share ?"
- Next in thread: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 14 Feb 2004 23:05:09 GMT
Curious?? You should hope to see no access from the internet to a domain
controller unless this is a intrusion detection project on a non production DC.
You can enable auditing of object access and then audit particular folders/files
but that will generate a lot of events in the security log. Auditing of logon
events will give you the most information in conjunction with firewall logs. A
personal firewall such as Sygate [free to try] has lot's of logging capabilities
and can be used just for that purpose by disabling the firewall function itself.
Packet sniffers such as the built in Netmon or other free one will give a lot of
detailed information at the packet level. TCPView from SysInternals will give a
lot of information on live network connections mapping ports to
processes/applications. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
"Kazil" <anonymous@discussions.microsoft.com> wrote in message
news:58AC8640-2E21-4D90-B2AB-4B0ED7E5E218@microsoft.com...
> I have hooked a Win2K Domain Controller to the Internet and I'm curious what
types of access I will see. I have enabled all kinds of logging, but would like
to enable logging on the Administrative shares and the IPC$ share. Is that
possible?
- Next message: Marina Roos [SBS-MVP]: "Re: DHCP not assigning IP Addresses"
- Previous message: Steven Umbach: "Re: How safe am I behind ISA Server"
- In reply to: Kazil: "Enabling logging on IPC$ share ?"
- Next in thread: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Reply: Petr Kazil: "Re: Enabling logging on IPC$ share ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
