Jerryleo
asked on
How to back trace the real attacker in LAN?
Some machines under attack from another subnet. I can only back trace the attacker to the gateway. How do I can back trace the real attacker?
My environment:
All the machine use WIN 9X in LAN.
the gateway use WIN 2000.
My environment:
All the machine use WIN 9X in LAN.
the gateway use WIN 2000.
check ogs on gateway
ASKER
I am sorry. Is it ogs or logs?
The gateway is a machine that runs windows 2000 adv server. And How do I check it or make a log to back trace?
Could give me a detailed guidance.
Thanks!
The gateway is a machine that runs windows 2000 adv server. And How do I check it or make a log to back trace?
Could give me a detailed guidance.
Thanks!
logs.
Well win2k has one of these nice click&type GUIs, so the Event Viewer may be the program of your chocie.
You also may improve the amount of information send to the event logger somewhere (sorry forgot how to do that, 'cause I have no mouse)
Well win2k has one of these nice click&type GUIs, so the Event Viewer may be the program of your chocie.
You also may improve the amount of information send to the event logger somewhere (sorry forgot how to do that, 'cause I have no mouse)
ASKER
Thanks very much!
The attack is an IGMP attack, called SXE attack. How do I set the log options or audit rules to trace it?
The attack is an IGMP attack, called SXE attack. How do I set the log options or audit rules to trace it?
try Start->Settings->ControlPa nel->Admin ->System Monitor
(IIRC in english for win2k)
(IIRC in english for win2k)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks and sorry for leaving it hanging a long time.