Security Basics mailing list archives
Brute-force and IIS/w2k logs
From: "Cushmeer, Barnar" <BarnarCushmeer () Enthusian com>
Date: Tue, 1 Apr 2003 16:15:40 -0500
Hello,
I've just reviewed a short range of security logs on a W2k/IIS box
and there is an over abundance of repeated invalid login attempts. The
attempts seem to focus on weak user ids (ie; admin, administrator, root,
sql, etc.). However I've seen a few successful "anonymous" login/logouts.
My two questions are.. is the "anonymous" login something to be
concerned about and what's the best way(s) to gather more relevant log data
about the source of the attacks beyond the scant information provided in the
Security log (machine name, time/date). Is there a way to capture the IP
address of the source?
Thank you.
-BC
-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- Brute-force and IIS/w2k logs Cushmeer, Barnar (Apr 02)
- <Possible follow-ups>
- re: Brute-force and IIS/w2k logs Harlan Carvey (Apr 03)
- pb with P2P... dessrezo (Apr 09)
- Re: pb with P2P... Salvatore Poliandro (Apr 10)
- pb with P2P... dessrezo (Apr 09)