Hopefully one of you administrators who is more experienced on a Windows
2000 Server can give me some hints.

I have observed that someone has been attempting to log on to our server by
trying to guess the passwords of the users. We have possibly 15 to
20 Windows 2000 users defined. Somehow the hacker has been able to get a
list of the user names.

My first question is: does anyone know how they would accomplish this and
what can be done to prevent it in the future?

Next I see where they have taken each name in order (administrator right on
down to the last user) and probed several times apparently with some set of
standard passwords. As far as I can tell they have not even
tried. Unfortunately, the Microsoft Security log is so lame it does not
really give any clues as to who is making the attempts. It shows a
Workstation ID of "YOUNGSAN" from the domain "YOUNGSAN". But it does not
include any IP address. By the way, this is at least the second time this
Workstation has done this. I have also seen another workstation somewhere
do the same. I realize this may be some auto-pilot program doing this and
just coming back around after going elsewhere.

Question 2. Is there something in the Microsoft Windows 2000 standard
recording tools that would identify the IP address or is there a tool on
the utility/tools CD that comes with the documentation package that would
do this?

Question 3. Is there a way to completely block an IP, a Domain and/or a
Workstation from logging in even if they somehow hit on a valid combination?

Finally, I have a hunch that someone has managed to gain access to some
level because I have seen the Security log cleared, possibly to cover their
tracks.

Question 4. Is there any way for someone to clear the security log without
gaining access with administrative privileges? If so, how can it be prevented?
