|
WebApp Sec
mailing list archives
Re: OT: Win2k3 logging the IP address of failed FTP attempts
From: "Rob Creely" <programmingart () gmail com>
Date: Tue, 13 Jun 2006 10:46:51 -0400
Hi Ian.
I don't believe it is possible to have the IP address of the affending
machine logged in the Security Event log. However, IIS can log to a
seperate file, which depending on your selected options, would include
the IP address. In the FTP site properties, make sure "enable
logging" is checked. You can then configure the location of the log
file and what exactly is logged by hitting the "Properties" button
next to the "Active log format" box.
Hope this helps.
--Rob
On 6/12/06, Ian <webappsec2 () fishnet co uk> wrote:
Hi,
Sorry for the slightly off topic question but I find myself at a loss and would like to query
your collective intelligence.
We have a win2k3 web server which hosts a few hundred domains. Recently I have
noticed a load of brute force attempts against the administrator account coming from
China. Not unusual but today I noticed ;)
Unfortunately the IP address is not logged to the event log so I have had to use
TCPView from SysInternals to figure out where they are coming from so I can block
them at the firewall. (Easier than looking through the FTP logs of a hundred+ sites.)
Does anyone know of a way to get the IP address into the event log? I have all the
auditing rules switched on (ie. success,failure) but with no results.
I wish to get the IP address so I could then automate the blocking of IPs for a set period
of time.
Sorry to post this here but a full work day of googling has left me with nothing.
Regards
Ian
--
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
