Solved

Intruder

Posted on 2003-11-04
406 Views
Last Modified: 2010-04-11
What is the quickest and easiest way to find out if there is an intruder on the network? We have a win 2000 network, thanks
Question by:mmacdougall
19 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9679503
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679528
If you have an unprotected (i.e. no firewall) Windoze network connected to the modern-day Internet, then you can pretty much bank on the idea that one or more of your machines have been compromised in one or more ways. Anyone who connects unprotected Windoze to the 'Net is fairly foolish. Even when "protected", the myriad vulnerabilities and flaws in Windoze make it fairly easy to compromise one way or another. Crackers just go for the wholly unprotected systems for the same reason a thief prefers unlocked doors to locked ones - they can get in both, but the unlocked one is easier.

So, if your Windoze network has been unprotected, assume you've been cracked, because you probably have.
0
 

Author Comment

by:mmacdougall
ID: 9679530
Which utility do you suggest?
0
 

Author Comment

by:mmacdougall
ID: 9679546
We are behind a Cisco Pix firewall.

Everyone uses Windows or MSN messenger, can hacks come by using these?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679561
Yes, hacks can come in via both those routes.
0
 

Author Comment

by:mmacdougall
ID: 9679569
And how could I check that?
0
 
LVL 49

Accepted Solution

by:sunray_2003 (earned 500 total points)
ID: 9679579
Try to use most of the utilities there. Each has its own advantages.

Try to configure your firewall and also know how to use the firewall in full, because many have firewalls but without proper configuration hackers can come inside.

Check out the firewall log and also the Windows 2000 logs to check for unknown IP addresses.

Sunray
0
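One way to carry out the log check suggested above, as an added example that is not from this thread: a short Python script that parses Cisco PIX-style "Built inbound TCP connection" syslog messages and lists inbound sources that fall outside the networks the administrator already knows. The log lines are constructed for the example (the exact message text can differ between PIX versions), and KNOWN_NETWORKS is an assumed allowlist.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample lines in the shape of Cisco PIX 6.x syslog message 302013
# ("Built inbound/outbound TCP connection"). Made up for this example; the
# addresses are documentation ranges, not real hosts.
SAMPLE_PIX_LOG = """\
%PIX-6-302013: Built inbound TCP connection 10231 for outside:203.0.113.45/3391 (203.0.113.45/3391) to inside:10.0.0.12/445 (192.0.2.10/445)
%PIX-6-302013: Built outbound TCP connection 10232 for inside:10.0.0.25/1045 (192.0.2.10/1045) to outside:198.51.100.7/80 (198.51.100.7/80)
%PIX-6-302013: Built inbound TCP connection 10233 for outside:203.0.113.45/3392 (203.0.113.45/3392) to inside:10.0.0.12/139 (192.0.2.10/139)
%PIX-6-302013: Built inbound TCP connection 10234 for outside:198.51.100.200/52110 (198.51.100.200/52110) to inside:10.0.0.30/25 (192.0.2.11/25)
"""

# Assumed allowlist: the internal LAN plus one partner mail relay the admin
# already expects to see. Any inbound source not in here is "unknown".
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.200/32")]

# Pulls direction, real source address/port and real destination address/port
# out of a 302013 message; the mapped (NAT) addresses in parentheses are skipped.
BUILT_RE = re.compile(
    r"%PIX-\d-302013: Built (?P<dir>inbound|outbound) TCP connection \d+ "
    r"for \w+:(?P<src>[\d.]+)/(?P<sport>\d+) \([\d.]+/\d+\) "
    r"to \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\)"
)

def is_known(addr: str) -> bool:
    """True if the address belongs to one of the KNOWN_NETWORKS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in KNOWN_NETWORKS)

def unknown_inbound(log_text: str) -> dict:
    """Return {source_ip: sorted [(dest_ip, dest_port), ...]} for inbound
    connections whose source address is not in KNOWN_NETWORKS."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if not m or m["dir"] != "inbound":
            continue  # unparsed line or outbound traffic
        if is_known(m["src"]):
            continue  # expected peer, nothing to report
        hits[m["src"]].add((m["dst"], int(m["dport"])))
    return {src: sorted(targets) for src, targets in hits.items()}

if __name__ == "__main__":
    for src, targets in unknown_inbound(SAMPLE_PIX_LOG).items():
        print(f"{src} reached {len(targets)} internal service(s): {targets}")
```

On the sample above the only unknown source is 203.0.113.45, which reached ports 139 and 445 on 10.0.0.12; the same script can be pointed at a real exported PIX log by reading the file into log_text.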
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679620
Intrusion detection is still mostly an art as opposed to a science. There is no one piece of software that you run and it pops up the answer "You've been hacked!" on your computer screen. It requires time, effort, and some skill to perform intrusion detection in an environment as insecure as Windoze.

If you have reason to believe your environment has been compromised and you don't have the necessary skills to investigate that, then you should seriously consider hiring consultants to review your environment, determine if it has been compromised, fix it if it has, and make recommendations to secure it against further intrusion.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679634
This is, of course, the reason VARs and consultants recommend Windoze to their customers in the first place, because they are practically guaranteed a steady stream of callbacks and engagements, resulting in plenty of billable hours as a reward for recommending a buggy, insecure and easily-hacked environment to their customers.
0
 

Author Comment

by:mmacdougall
ID: 9679672
Well, I used NetAlert and it shows that I may have an intruder, but it shows the intruder as hs-20.handling.com.

This is a computer on our network
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9679680
One of the best tools I have used to find backdoor trojans is Spy Sweeper.  It does much the same as AdAware does as far as spyware is concerned, but it also detects a lot of backdoor exploits that could be missed by antivirus scans.

You can get a free, fully functional trial at http://www.webroot.com
0
 

Expert Comment

by:linuxsub
ID: 9682485
Try the Intrusion Detection tool Snort. It's available for Linux, but I guess you can compile it on Windows using Cygwin.
Otherwise, set up a Linux station for this.

http://www.snort.org/
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9682524
linuxsub -

Good idea going forward.  If they're already compromised, they have to root it out now.

BTW, what do you think about the acquisition of SUSE by Novell? Combined with Ximian, that COULD be a force to be reckoned with in the near future...
0
 

Expert Comment

by:linuxsub
ID: 9682928
Oh Sure. Novell was having a bad time anyway, so this might be their way out.
In any case, I follow business less than others... more interested in tech than business.... until I'm 30, I guess :-).
0
 
LVL 4

Expert Comment

by:Wiired
ID: 9682935
Snort is also available for the Windows environment, if you have no desire or knowledge for setting up a Linux box in the near future. You can get it here: http://www.sans.org/resources/idfaq/snort.php

Works well, can definitely help you in the future.

As for your current issue, I concur with PsiCop. If you are that worried about being compromised, you should have a consultant come in and dissect your network. It's the only way you are gonna sleep at night, brother.

And Shine....
On your final note...that could lead to some interesting things later on down the road.....
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9683021
I'll be watching with interest.  Maybe I should buy some stock, too... ;)
0
 
LVL 4

Expert Comment

by:Wiired
ID: 9683194
Kinda like Cisco's "acquisition" of Linksys.....
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9683235
No...  not really...  It would be more like if Cisco bought Foundry and Xylink.  The Linksys acquisition gave Cisco a chunk of the "low end" market, the SOHO's...

This positions Novell to take a good chunk of the future computing market, server through desktop, based on the current trends.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9686935
Yeah, SuSE is no LinkSys. SuSE is very big in the GEM market, especially in the EU. And note that M$ is under the EU microscope for anti-competitive practices (gee, what surprise). City of Munich recently told Billy-boy to take a hike in favor of SuSE.
0