Hackers

[Lee]

In examining my event log I have numrous logon failures
that I would like to trace back to an IP address but the
standard message only gives the machine name, domain, and
account attempted. The machine is not located within my
domain, but over the internet. Is the IP address logged
somewhere; is there something I can do to capture this
information?

 

[Dale Weiss]

Hello,

I assume that you are running Windows 2000.

IIRC the IP Address is not shown in the log, just the system name.

Is your domain controller exposed to the Internet? Do you have a firewall?

Do you have remote access users that might be trying to log in from their
home systems?

Dale Weiss MCSA MCSE CISSP
PSS Security

This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms
specified at http://www.microsoft.com/info/cpyright.htm

 

[Jeff Cochran]

In examining my event log I have numrous logon failures
that I would like to trace back to an IP address but the
standard message only gives the machine name, domain, and
account attempted. The machine is not located within my
domain, but over the internet. Is the IP address logged
somewhere; is there something I can do to capture this
information?

Check your firewall logs.

Jeff

 

[Karl Levinson [x y] mvp]

Check your firewall logs.

Agreed. This is the only way. www.kerio.com and www.sygate.com are free
firewalls.