IP Address discover.

rrgg · May 5, 2004

Hi all,
How to discover IP address of who is being attempt to unauthorized logon to Windows 2000 Server?

Thanks.

rrgg · May 5, 2004

Please, if possible, someone answer to the question.
Thanks.

tfg13 · May 5, 2004

Best bet would be to get yourself some third party software like a firewall that will identify the culprit. Bear in mind, not all of the addresses it gives you are the actual "hacker".

mrscary · May 6, 2004

How are they logging in? If it is via IIS then look at the logs in c:\winnt\system32\logfiles

Otherwise - if you mean file shares etc - then switching auditing on for logon/logoff events and examine the event log. That will usually give a machine name - then just go to DNS server and reverse lookup the thing. If it has been cleared out of there you could always check DHCP leases - and also the WINS name lookup.

M.

Hollingside Technologies, Making Technology work for you.

http://www.hollingside.com

rrgg · May 6, 2004

Thank you for answers!!!

The log-on possible is:
By Terminal Services
By FTP
By HTTP

rrgg.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

IP Address discover.

rrgg

Technical User

rrgg

Technical User

tfg13

MIS

mrscary

Programmer

rrgg

Technical User

Similar threads

Part and Inventory Search

Sponsor