Dear All,
Thank you very much for all your comments and suggestions, it has been of
great benefit to me and hopefully those measures will provide a little
insight into catching the culprit. I would like to say thanks to XinteriX
(Tim) especially for the indepth breakdown of measures to undertake in this
delicate scenario.
Thank you all once again and I will keep you guys posted on how we go, or
even better if we catch the culprit and the managers probably will give that
person the boot from the company. Cheers.
-Dave Ng
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ron DuFresne
Sent: Wednesday, October 24, 2001 11:36 AM
To: David Ng
Cc: [EMAIL PROTECTED]
Subject: Re: Please assist, tracking or IDS options.
Cool, NT, stability <cough>. What do you mean by shutdown? What kind of
firewall was run on the NT server? Did the whole system bluescreen or
shutdown, or did the firewall in place fail closed? Part of the problem
here is a lack of information on what you are trying to determine
happened, as well as whether or not there was a IDS system in place to log
an attack if it indeed did occur, let alone the direction of the issue, it
well could have been something lauched from inside as others have and will
mention.
Thanks,
Ron DuFresne
On Wed, 24 Oct 2001, David Ng wrote:
> Dear all,
> We have a NT network that was hit the other day, in the sense that it
> was remotely shutdown by an individual somehow. The person might have the
> passwords and also sound technical expertise in remote utilities. Is there
a
> way for me to trace where the traffic was coming from that day and what IP
> address? Also, is there a way to automatically capture the screen if it
was
> remotely controlled?
> Please advise, thanks in advance.
>
>
> Sincerely,
>
>
>
> David Ng
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
