How to tell if someone is trying to hack your server
How can you tell if someone is trying ot hack your server 2008. What should you look for in event viewer. I think a disgruntled employee is paying some one to hack this
place but i don't know what type of logs to look for.
Im getting:
1. "reservation for namespace identified by url prefix https://+:443/sra {ba195980... etc.. successfully added.
2. "A certificate could not be found. Connections that use the L2Tp protocal over IPsec require the installation of a machine certificate also known as a computer certificate. No L2TP calls will be accepted.
3. The secure socket tunneling protocal services either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrive the value from the registry due to some other system failure. SSTP connections will not be accepted on this server. Correct the problem and try again.
4. the system detected that network adapter loopback pseudo-interface 1 was connected to the network and has initiated normal operation.
What do you think...
place but i don't know what type of logs to look for.
Im getting:
1. "reservation for namespace identified by url prefix https://+:443/sra {ba195980... etc.. successfully added.
2. "A certificate could not be found. Connections that use the L2Tp protocal over IPsec require the installation of a machine certificate also known as a computer certificate. No L2TP calls will be accepted.
3. The secure socket tunneling protocal services either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrive the value from the registry due to some other system failure. SSTP connections will not be accepted on this server. Correct the problem and try again.
4. the system detected that network adapter loopback pseudo-interface 1 was connected to the network and has initiated normal operation.
What do you think...
Many hacking attempts to invalid pages end up in the c:\Windows\System32\LogFil
That is where uncaught exceptions in IIS or you web pages end up. For example if there is a 500 error, the error is recorded in that location.
That is where uncaught exceptions in IIS or you web pages end up. For example if there is a 500 error, the error is recorded in that location.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is the cmd prompt > netstat
I can offer this little tools I have used both very successfully.
Port monitor
Portmon is a utility that monitors and displays all serial and parallel port activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way Windows works, seeing how applications use ports, or tracking down problems in system or application configurations.
http://technet.microsoft.com/en-us/sysinternals/bb896644.aspx
Active ports I just run on my desktop open, any pings will produce a red line which you can then get more info
take your pick, it's a very good tool and free
http://majorgeeks.com/Active_Ports_d682.html
http://www.sofotex.com/Active-Ports-download_L703.html