Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Brute-force and IIS/w2k logs

Brute-force and IIS/w2k logs

From: Cushmeer, Barnar <BarnarCushmeer_at_Enthusian.com>
Date: Tue, 1 Apr 2003 16:15:40 -0500

        Hello,

        I've just reviewed a short range of security logs on a W2k/IIS box
and there is an over abundance of repeated invalid login attempts. The
attempts seem to focus on weak user ids (ie; admin, administrator, root,
sql, etc.). However I've seen a few successful "anonymous" login/logouts.

        My two questions are.. is the "anonymous" login something to be
concerned about and what's the best way(s) to gather more relevant log data
about the source of the attacks beyond the scant information provided in the
Security log (machine name, time/date). Is there a way to capture the IP
address of the source?

        Thank you.
        -BC

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics
Received on Apr 02 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos