How to find the IP of someone trying to break in?

Archived from groups: microsoft.public.win2000.security

Hi, I'm working with Windows 2000 Server with SP4. My problem is that someone
is trying to log in to my account. When looking in the Security event log I
find the name that they are trying to use to log in and the workstation
name, but nothing that really helps me out, since the user is trying to gain
access from the outside. What I need is some helpful information like the IP
address of the person trying to log in and how they are trying to log in. That
kind of information. If I had the IP address I could block them at the router.

Thank you for your time and help
Josh
  1.

    First check the configuration of your router. By default a NAT router will
    block all uninitiated inbound traffic. You can go to a site such as
    http://scan.sygatetech.com/ to see how well your firewall is configured, and
    any open ports could be the cause of the unwanted access. If your router is
    able to log inbound traffic you may be able to pinpoint the IP address by
    looking at entries in the firewall log that correspond to the failed logon
    attempts by time. I would also check your computer for viruses and
    parasites [with latest definitions/signatures] in case you have a "backdoor"
    installed that may bypass your firewall to phone home. If you installed a
    personal firewall such as Sygate on your computer [even temporarily] it
    probably would show the IP address and the application that the attacker is
    trying to access or the backdoor that is trying to phone home. Sygate has
    extensive logging. --- Steve


  2.

    If you have the workstation name, that is the name of the computer the
    commands are coming from.
    Check internally first for viruses or backdoors like Steve suggested.
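
An added example (not written by anyone in this thread): one way to do the time correlation suggested in the first reply, with failed logons that have no matching inbound entry set aside for the internal check suggested here. Both log formats and every sample value are constructed for illustration, and a 5-second window is assumed to absorb clock differences between the router and the server.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed logons copied out of the Security log.
# Assumed columns: timestamp, account name, workstation name.
FAILED_LOGONS = """\
2005-03-01 02:14:07,Administrator,WKSTN-X
2005-03-01 02:14:09,Administrator,WKSTN-X
2005-03-01 02:14:12,josh,WKSTN-X
2005-03-01 09:30:41,josh,JOSH-PC
"""

# Constructed router log. Assumed fields: date, time, action, source IP, port.
FIREWALL_LOG = """\
2005-03-01 02:14:03 ALLOW 198.51.100.7 80
2005-03-01 02:14:05 ALLOW 203.0.113.45 445
2005-03-01 02:14:08 ALLOW 203.0.113.45 445
2005-03-01 02:14:11 ALLOW 203.0.113.45 445
2005-03-01 02:20:00 DROP 198.51.100.7 3389
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_logons(text):
    rows = (line.split(",") for line in text.splitlines())
    return [(datetime.strptime(ts, FMT), user, wks) for ts, user, wks in rows]

def parse_firewall(text):
    out = []
    for line in text.splitlines():
        date, clock, action, src, port = line.split()
        out.append((datetime.strptime(f"{date} {clock}", FMT), action, src, int(port)))
    return out

def correlate(logons, fw, window_s=5):
    """Rank source IPs by how many failed logons they were seen close to."""
    window = timedelta(seconds=window_s)
    hits, ports = defaultdict(set), defaultdict(set)
    for i, (t_logon, _user, _wks) in enumerate(logons):
        for t_fw, action, src, port in fw:
            # A dropped connection never reached the server, so it cannot be the logon.
            if action == "ALLOW" and abs(t_fw - t_logon) <= window:
                hits[src].add(i)
                ports[src].add(port)
    ranked = sorted(hits, key=lambda ip: (-len(hits[ip]), ip))
    unmatched = [l for i, l in enumerate(logons) if not any(i in s for s in hits.values())]
    return [(ip, len(hits[ip]), sorted(ports[ip])) for ip in ranked], unmatched

if __name__ == "__main__":
    ranked, unmatched = correlate(parse_logons(FAILED_LOGONS), parse_firewall(FIREWALL_LOG))
    for ip, n, p in ranked:
        print(f"{ip}: near {n} failed logons, ports {p}")
    print("no inbound match (check internally):", [u[2] for u in unmatched])
```

An address that lines up with most of the failures is a lead to check against the router's own records, since the match is by time only.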
  3.

    There are also lots of scanning tools out there to sniff your
    network...however that is not the scope of this group.

    -sean
  4.

    Consider investing in a good Personal Firewall on your W2k machine (Sygate,
    Tiny, Kerio, Symantec, etc.). Unsolicited incoming traffic will be blocked,
    logged and a prompt usually will appear alerting you to that effect. Most
    logs will give you extensive info about such attempts, though one has to be
    aware that IP addresses can easily be spoofed.

    Do let us know if this helps. Thanks!

