Sign in with
Sign up | Sign in
Your question

How to find the IP of someone trying to Breakin?

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
January 27, 2005 11:13:07 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi I'm working with Windows 2000 Server with SP4. My problems is that someone
is trying to loggin to my account. when looking in the event Security log I
find the Name that they are trying to use to loggin and the work station
name. But nothing that really helps me out. Since the user is trying to gain
access from the outside. what I need is some helpful information like IP
address of the person trying to loggin, How they are trying to loggin. That
kind of information. If I had the IP address I could block them at the router.

Thank you for your Time & Help
Josh

More about : find breakin

Anonymous
a b 8 Security
January 27, 2005 9:45:19 PM

Archived from groups: microsoft.public.win2000.security (More info?)

First check the configuration of your router. By default NAT router will
block all uninitiated inbound traffic. You can go to a site such as
http://scan.sygatetech.com/ to see how well your firewall is configured and
any open ports could be the cause of the unwanted access. If your router is
able to log inbound traffic you may be able to pinpoint the IP address by
looking at entries in the firewall log that correspond to the failed logon
attempts by time . I would also check your computer for viruses and
parasites [with latest definitions/signatures] in case you have a "backdoor"
installed that may bypass your firewall to phone home. If you installed a
personal firewall such as Sygate on your computer [even temporarily] it
probably would show the IP address and the application that the attacker is
trying to access or the backdoor that is trying to phone home. Sygate has
extensive logging. --- Steve


"josh82443" <josh82443@discussions.microsoft.com> wrote in message
news:92BB1248-87EC-4013-AF24-B89FF637D91C@microsoft.com...
> Hi I'm working with Windows 2000 Server with SP4. My problems is that
> someone
> is trying to loggin to my account. when looking in the event Security log
> I
> find the Name that they are trying to use to loggin and the work station
> name. But nothing that really helps me out. Since the user is trying to
> gain
> access from the outside. what I need is some helpful information like IP
> address of the person trying to loggin, How they are trying to loggin.
> That
> kind of information. If I had the IP address I could block them at the
> router.
>
> Thank you for your Time & Help
> Josh
January 28, 2005 4:40:56 PM

Archived from groups: microsoft.public.win2000.security (More info?)

If you have the workstation name, that is the name of the computer the
commands are coming from.
Check internally first for viruses or backdoors like Steve suggested.
Related resources
January 28, 2005 4:41:50 PM

Archived from groups: microsoft.public.win2000.security (More info?)

There are also lots of scanning tools out there to sniff your
network...however that is not the scope of this group.

-sean
Anonymous
a b 8 Security
January 30, 2005 9:53:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Consider investing in a good Personal Firewall on your W2k machine (Sygate,
Tiny, Kerio, Symantec, etc.). Unsolicited incoming traffic will be blocked,
logged and a prompt usually will appear alerting you to that effect. Most
logs will give you extensive info about such attempts, though one has to be
aware that IP addresses can easily be spoofed.

Do let us know if this helps. Thanks!


"josh82443" wrote:

> Hi I'm working with Windows 2000 Server with SP4. My problems is that someone
> is trying to loggin to my account. when looking in the event Security log I
> find the Name that they are trying to use to loggin and the work station
> name. But nothing that really helps me out. Since the user is trying to gain
> access from the outside. what I need is some helpful information like IP
> address of the person trying to loggin, How they are trying to loggin. That
> kind of information. If I had the IP address I could block them at the router.
>
> Thank you for your Time & Help
> Josh
!