How to find the IP of someone trying to break in?

Guest

Hi, I'm working with Windows 2000 Server with SP4. My problem is that someone
is trying to log in to my account. When looking in the event Security log I
find the name that they are trying to use to log in and the workstation
name, but nothing that really helps me out, since the user is trying to gain
access from the outside. What I need is some helpful information like the IP
address of the person trying to log in and how they are trying to log in, that
kind of information. If I had the IP address I could block them at the router.

Thank you for your Time & Help
Josh
 
Steven L Umbach

First check the configuration of your router. By default a NAT router will
block all uninitiated inbound traffic. You can go to a site such as
http://scan.sygatetech.com/ to see how well your firewall is configured and
any open ports could be the cause of the unwanted access. If your router is
able to log inbound traffic you may be able to pinpoint the IP address by
looking at entries in the firewall log that correspond to the failed logon
attempts by time. I would also check your computer for viruses and
parasites [with latest definitions/signatures] in case you have a "backdoor"
installed that may bypass your firewall to phone home. If you installed a
personal firewall such as Sygate on your computer [even temporarily] it
probably would show the IP address and the application that the attacker is
trying to access or the backdoor that is trying to phone home. Sygate has
extensive logging. --- Steve
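
The time correlation suggested above, sketched as an added example that is not part of the original post. The firewall log layout, addresses and timestamps are constructed, so adapt the pattern to whatever your router or firewall actually writes.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: failed-logon times copied from the Security log
# and inbound entries from a router/firewall log (format is an assumption).
FAILED_LOGONS = [
    "2004-03-02 14:05:12",
    "2004-03-02 14:05:40",
    "2004-03-02 14:06:03",
]
FIREWALL_LOG = """\
2004-03-02 14:05:11 IN TCP 203.0.113.7:4312 -> 192.168.1.10:445
2004-03-02 14:05:20 IN TCP 198.51.100.23:1033 -> 192.168.1.10:80
2004-03-02 14:05:39 IN TCP 203.0.113.7:4313 -> 192.168.1.10:445
2004-03-02 14:06:02 IN TCP 203.0.113.7:4315 -> 192.168.1.10:445
2004-03-02 14:09:00 IN TCP 198.51.100.23:1040 -> 192.168.1.10:80
"""
LINE = re.compile(r"^(\S+ \S+) IN (\w+) ([\d.]+):\d+ -> [\d.]+:(\d+)$")
FMT = "%Y-%m-%d %H:%M:%S"

def parse_firewall(text):
    """Yield (time, source_ip, dest_port) for each well-formed inbound line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), FMT), m.group(3), int(m.group(4))

def correlate(logons, fw_text, window=5, skew=0):
    """Count, per (source IP, port), how many failed logons it preceded or
    followed within `window` seconds. `skew` is the router clock minus the
    server clock, in seconds, since the two logs rarely agree exactly."""
    entries = list(parse_firewall(fw_text))
    hits = Counter()
    for stamp in logons:
        t = datetime.strptime(stamp, FMT) + timedelta(seconds=skew)
        near = {(ip, port) for when, ip, port in entries
                if abs((when - t).total_seconds()) <= window}
        hits.update(near)  # a set, so each logon counts once per source
    return hits.most_common()

if __name__ == "__main__":
    for (ip, port), n in correlate(FAILED_LOGONS, FIREWALL_LOG):
        print(f"{ip} -> port {port}: near {n} of {len(FAILED_LOGONS)} failed logons")
```
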
 
Teething

If you have the workstation name, that is the name of the computer the
commands are coming from.
Check internally first for viruses or backdoors like Steve suggested.
 
Teething

There are also lots of scanning tools out there to sniff your
network...however that is not the scope of this group.

-sean
 
Guest

Consider investing in a good Personal Firewall on your W2k machine (Sygate,
Tiny, Kerio, Symantec, etc.). Unsolicited incoming traffic will be blocked,
logged and a prompt usually will appear alerting you to that effect. Most
logs will give you extensive info about such attempts, though one has to be
aware that IP addresses can easily be spoofed.

Do let us know if this helps. Thanks!
 
