Help: can Windows 2000 Server be configured to log IP address in the event log?

Bill

Windows server experts:

I know that Windows 2003 Server will log the IP of a user trying to logon with
a phony username or bad password. But, 2000 Server does not. Is there any way
to get 2000 to do this?

I am trying to identify a hacker that repeatedly tries to logon.

TIA
Bill
 
Steven L Umbach

As far as I know there is no way to do this. What you may want to try is to
use a personal firewall that has good logging - something like Sygate [if
you still can find it]. You could even configure the firewall to not do any
filtering but just do the logging. If the attempts are coming from outside
your network, check your firewall logs and correlate firewall log entries
with the timestamps of the logon failures, and of course have the firewall
and computer in sync time-wise to make it easier.

Steve

http://www.tucows.com/preview/213160
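
The correlation suggested in the reply above, sketched as an added example (not part of the original thread): it matches firewall connection times against logon-failure times within a few seconds, with a `skew_s` parameter for the case where the two clocks are not in sync. The log formats, addresses and port set are constructed for illustration; 529 is the Windows 2000 event ID for a failed logon with an unknown user name or bad password.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; both line formats are assumptions, so adapt the
# parsers to what your firewall and your event-log export actually emit.
FIREWALL_LOG = """\
2006-03-14 02:17:03 TCP 203.0.113.45:4312 192.0.2.10:445
2006-03-14 02:17:09 TCP 203.0.113.45:4313 192.0.2.10:445
2006-03-14 02:17:10 TCP 198.51.100.7:1029 192.0.2.10:80
2006-03-14 09:30:00 TCP 192.0.2.77:3301 192.0.2.10:445
"""
LOGON_FAILURES = """\
2006-03-14 02:17:05,529,administrator
2006-03-14 02:17:11,529,admin
2006-03-14 14:00:00,529,bill
"""
FMT = "%Y-%m-%d %H:%M:%S"
LOGON_PORTS = {139, 445, 3389}  # assumption: ports that accept logons here

def parse_firewall(text):
    """Yield (timestamp, source_ip, dest_port) per well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", FMT)
        yield ts, parts[3].rsplit(":", 1)[0], int(parts[4].rsplit(":", 1)[1])

def parse_failures(text):
    """Yield (timestamp, username) per exported logon-failure event."""
    for line in filter(None, text.splitlines()):
        ts, _event_id, user = line.split(",", 2)
        yield datetime.strptime(ts, FMT), user

def correlate(fw_text, fail_text, window_s=5, skew_s=0):
    """Pair each failure with source IPs seen on logon ports within window_s.
    skew_s is added to firewall times when the two clocks are not in sync."""
    conns = [(ts + timedelta(seconds=skew_s), ip)
             for ts, ip, port in parse_firewall(fw_text) if port in LOGON_PORTS]
    window = timedelta(seconds=window_s)
    return [(fail_ts, user,
             sorted({ip for ts, ip in conns if abs(ts - fail_ts) <= window}))
            for fail_ts, user in parse_failures(fail_text)]

def top_sources(matches):
    """Rank candidate source IPs by how many failures they line up with."""
    return Counter(ip for _, _, ips in matches for ip in ips).most_common()
```

A failure that matches no connection at all, like the third sample event, is a hint that the clocks disagree or that the traffic did not pass through the logging firewall.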
 
Bill

Thanks for the response. I'm curious why a little chunk of code (to add the
connecting IP to the log) wasn't passed along in a Windows 2000 Server update by
Microsoft.

 
Ozone

One thing you can do is use PortReporter to see all of the activity
that occurs on your NIC. The log formats are somewhat hard to read,
but there is a PR Parser tool that provides a GUI for viewing the
data. This is by far the best way to get IP addresses...

HTH
Ozone

 
Bill

Excellent! I will try that tomorrow. Thanks.
