Re: Need to discover the IP of a hacker trying to get into our ser
- From: "TP" <tperson.knowspamn@xxxxxxxxxxxxxxx>
- Date: Fri, 17 Mar 2006 21:43:17 -0500
Looks like an attack against your FTP site. In this case the source ip address will be in the log file for the ftp site.
You can find the location of your ftp log by opening up Internet Information Services Manager, right-clicking on your ftp site, choosing Properties, and then clicking the Properties button at the bottom of the FTP Site tab.
The name and path to your log file will appear at the bottom of the Logging Properties window. By default, it will be something like this:
C:\WINDOWS\system32\LogFiles\MSFTPSVC1\
-TP
Ken R wrote:
Logon Failure:
Reason: Unknown user name or bad password
User Name: backup
Domain: (Our Domain Name)
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: (Computer Name)
Caller User Name: (Computer Name)$
Caller Domain: XXXXXX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 3100
Transited Services: -
Source Network Address: -
Source Port: -
Where that it were that easy. Already looked for it on the entries. Actual local failures have the IP listed, but not these remotes.
This is an SBS server, so we've got web open, TS for RDP, Remote Web
Workplace, OWA, and FTP.
Ken
.
- References:
- Prev by Date: Re: TAPI Under TS?
- Next by Date: Re: Client Licensing
- Previous by thread: Re: Need to discover the IP of a hacker trying to get into our ser
- Next by thread: Re: Need to discover the IP of a hacker trying to get into our ser
- Index(es):
