Netwatcher

[danbug]

I am looking for something in Win2k that will allow me to
monitor network access the way Netwatcher does in Win95/98.

I have a class full of students that are using hacker
tools to gain access to my files and control my system. I
need a way to find out which machine is doing this.

TIA,
danbug

 

[Steven L Umbach]

I can't remember exactly what netwatcher does, but in W2K you can monitor active
sessions via Computer Management/shared folders/sessions. You can also enable
auditing of logon events for success and failure to see who is accessing or trying to
access your computer in the Event Viewer/security log. It is also possible to audit
access to folders/files after enabling auditing of object access, but the events in
the log are not very user friendly and there will be a lot of them [probably
thousands].

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

Having said that, there are things you can do to protect yourself. Make sure your
ntfs permissions are hardened. For instance in a default installation the everyone
and users group may have excessive permissions on the root/drive folder. If they do
not need that much access, reduce them to read/list/execute and make sure that
permissions are correct on the folder for your personal files being shore to check
advanced permissions. First I would see the KB link below on how to reset W2K ntfs
permissions to default defined permissions, which you may want to do. Use a complex
password, protect it, and change it periodically. Never use you password on an
untrusted machine where someone may have installed a keyboard logger. If they are
taking over your computer, then they have administrator access. Check the membership
of the local administrator and power users group to see if it is what you expect and
change your administrator passwords now. You can also restrict access to your
computer over the network by modifying the "access this computer from the network"
user right assignment in Local Security Policy/security settings/local policies/user
rights. If you are referring to a domain controller, then you can not restrict that
user right or users can not logon to the domain. If you do not need to access or
offer shares or Computer Management remotely, then you could also disable file and
print sharing on your machine. Ipsec filtering can also be used to deny/allow access
to a computer in a fashion similar to a firewall by managing ip addresses, ports, and
protocols. --- Steve

http://support.microsoft.com/?kbid=266118

 

[dev]

What about Network Monitor?

I can't remember exactly what netwatcher does, but in W2K you can monitor active
sessions via Computer Management/shared folders/sessions. You can also enable
auditing of logon events for success and failure to see who is accessing or trying to
access your computer in the Event Viewer/security log. It is also possible to audit
access to folders/files after enabling auditing of object access, but the events in
the log are not very user friendly and there will be a lot of them [probably
thousands].

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

Having said that, there are things you can do to protect yourself. Make sure your
ntfs permissions are hardened. For instance in a default installation the everyone
and users group may have excessive permissions on the root/drive folder. If they do
not need that much access, reduce them to read/list/execute and make sure that
permissions are correct on the folder for your personal files being shore to check
advanced permissions. First I would see the KB link below on how to reset W2K ntfs
permissions to default defined permissions, which you may want to do. Use a complex
password, protect it, and change it periodically. Never use you password on an
untrusted machine where someone may have installed a keyboard logger. If they are
taking over your computer, then they have administrator access. Check the membership
of the local administrator and power users group to see if it is what you expect and
change your administrator passwords now. You can also restrict access to your
computer over the network by modifying the "access this computer from the network"
user right assignment in Local Security Policy/security settings/local policies/user
rights. If you are referring to a domain controller, then you can not restrict that
user right or users can not logon to the domain. If you do not need to access or
offer shares or Computer Management remotely, then you could also disable file and
print sharing on your machine. Ipsec filtering can also be used to deny/allow access
to a computer in a fashion similar to a firewall by managing ip addresses, ports, and
protocols. --- Steve

http://support.microsoft.com/?kbid=266118

I am looking for something in Win2k that will allow me to
monitor network access the way Netwatcher does in Win95/98.

I have a class full of students that are using hacker
tools to gain access to my files and control my system. I
need a way to find out which machine is doing this.

TIA,
danbug

 

[dev]

You might want to disable File Sharing also, if it is enabled.

I can't remember exactly what netwatcher does, but in W2K you can monitor active
sessions via Computer Management/shared folders/sessions. You can also enable
auditing of logon events for success and failure to see who is accessing or trying to
access your computer in the Event Viewer/security log. It is also possible to audit
access to folders/files after enabling auditing of object access, but the events in
the log are not very user friendly and there will be a lot of them [probably
thousands].

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

Having said that, there are things you can do to protect yourself. Make sure your
ntfs permissions are hardened. For instance in a default installation the everyone
and users group may have excessive permissions on the root/drive folder. If they do
not need that much access, reduce them to read/list/execute and make sure that
permissions are correct on the folder for your personal files being shore to check
advanced permissions. First I would see the KB link below on how to reset W2K ntfs
permissions to default defined permissions, which you may want to do. Use a complex
password, protect it, and change it periodically. Never use you password on an
untrusted machine where someone may have installed a keyboard logger. If they are
taking over your computer, then they have administrator access. Check the membership
of the local administrator and power users group to see if it is what you expect and
change your administrator passwords now. You can also restrict access to your
computer over the network by modifying the "access this computer from the network"
user right assignment in Local Security Policy/security settings/local policies/user
rights. If you are referring to a domain controller, then you can not restrict that
user right or users can not logon to the domain. If you do not need to access or
offer shares or Computer Management remotely, then you could also disable file and
print sharing on your machine. Ipsec filtering can also be used to deny/allow access
to a computer in a fashion similar to a firewall by managing ip addresses, ports, and
protocols. --- Steve

http://support.microsoft.com/?kbid=266118

I am looking for something in Win2k that will allow me to
monitor network access the way Netwatcher does in Win95/98.

I have a class full of students that are using hacker
tools to gain access to my files and control my system. I
need a way to find out which machine is doing this.

TIA,
danbug

 

[Steven L Umbach]

Netmon is a packet capture program useful in analyzing network traffic at the packet
level, but I would not recommend it in his situation at least not as the first step.
Auditing of logon events should also show the computer name that is trying to access
his computer if it is on the lan . --- Steve

What about Network Monitor?

I can't remember exactly what netwatcher does, but in W2K you can monitor active
sessions via Computer Management/shared folders/sessions. You can also enable
auditing of logon events for success and failure to see who is accessing or trying to
access your computer in the Event Viewer/security log. It is also possible to audit
access to folders/files after enabling auditing of object access, but the events in
the log are not very user friendly and there will be a lot of them [probably
thousands].

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

Having said that, there are things you can do to protect yourself. Make sure your
ntfs permissions are hardened. For instance in a default installation the everyone
and users group may have excessive permissions on the root/drive folder. If they do
not need that much access, reduce them to read/list/execute and make sure that
permissions are correct on the folder for your personal files being shore to check
advanced permissions. First I would see the KB link below on how to reset W2K ntfs
permissions to default defined permissions, which you may want to do. Use a complex
password, protect it, and change it periodically. Never use you password on an
untrusted machine where someone may have installed a keyboard logger. If they are
taking over your computer, then they have administrator access. Check the membership
of the local administrator and power users group to see if it is what you expect and
change your administrator passwords now. You can also restrict access to your
computer over the network by modifying the "access this computer from the network"
user right assignment in Local Security Policy/security settings/local policies/user
rights. If you are referring to a domain controller, then you can not restrict that
user right or users can not logon to the domain. If you do not need to access or
offer shares or Computer Management remotely, then you could also disable file and
print sharing on your machine. Ipsec filtering can also be used to deny/allow access
to a computer in a fashion similar to a firewall by managing ip addresses, ports, and
protocols. --- Steve

http://support.microsoft.com/?kbid=266118

I am looking for something in Win2k that will allow me to
monitor network access the way Netwatcher does in Win95/98.

I have a class full of students that are using hacker
tools to gain access to my files and control my system. I
need a way to find out which machine is doing this.

TIA,
danbug

 

[cook]

I am looking for something in Win2k that will allow me to
monitor network access the way Netwatcher does in Win95/98.

I have a class full of students that are using hacker
tools to gain access to my files and control my system. I
need a way to find out which machine is doing this.

TIA,
danbug

try my little app : http://www.netbiosspy.4t.com/

or trial at : http://www.chez.com/vruy/Download/NetBiosSpy.zip

this is in english.