Intruder

What is the quickest and easiest way to find out if there is an intruder on the network? We have a win 2000 network, thanks
mmacdougallAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sunray_2003Commented:
PsiCopCommented:
If you have an unprotected (i.e. no firewall) Windoze network connected to the modern-day Internet, then you can pretty much bank on the idea that one or more of your machines have been compromised in one or more ways. Anyone who connects unprotected Windoze to the 'Net is fairly foolish. Even when "protected", the myriad vulnerabilities and flaws in Windoze make it fairly easy to compromise one way or another. Crackers just go for the wholly unprotected systems for the same reason a thief prefers unlocked doors to locked ones - they can get in both, but the unlocked one is easier.

So, if your Windoze network has been unprotected, assume you've been cracked, because you probably have.
mmacdougallAuthor Commented:
Which utility do you suggest
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

mmacdougallAuthor Commented:
We are behind a Cisco Pix firewall.

Everyone uses Windows or MSN messenger, can hacks come by using these?
PsiCopCommented:
Yes, hacks can come in via both those routes.
mmacdougallAuthor Commented:
And how could I check that
sunray_2003Commented:
Try to use most of the utilities there .each has it own advantages.

Try to configure your firewall and also know how to use the firewall in full.. Because many have firewalls but without proper configuration , hackers can come inside.

Check out the firewall log and also windows 2000 logs to check for unknown ip addresses

Sunray

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PsiCopCommented:
Intrusion detection is still mostly an art as opposed to a science. There is no one piece of software that you run and it pops up the answer "You've been hacked!" on your computer screen. It requires time, effort, and some skill to perform intrusion detection in an environment as insecure as Windoze.

If you have reason to believe you environment has been compromised and you don't have the necessary skills to investigate that, then you should seriously consider hiring consultants to review your environment, determine if it has been compromised, fix it if it has, and make recommendations to secure it against further intrusion.
PsiCopCommented:
This is, of course, the reason VARs and consultants recommend Windoze to their customers in the first place, because they are practically guaranteed a steady stream of callbacks and engagements, resulting in plenty of billable hours as a reward for recommending a buggy, insecure and easily-hacked environment to their customers.
mmacdougallAuthor Commented:
Well I used NetAlert and it shows that I may have an intruder, but it shows the intruder as hs-20.handling.com

This is a computer on our network
ShineOnCommented:
One of the best tools I have used to find backdoor trojans is Spy Sweeper.  It does much the same as AdAware does as far as spyware is concerned, but it also detects a lot of backdoor exploits that could be missed by antivirus scans.

You can get a free, fully funtional trial at http://www.webroot.com
linuxsubCommented:
Try Intrution Detection tool Snort. It's available for Linux, but I guess u can compile it on windows using cygwin
Otherwise, set up a linux station for this.

http://www.snort.org/
ShineOnCommented:
linuxsub -

Good idea going forward.  If they're already compromised, they have to root it out now.

BTW, what do you think about the acquisition of SUSE by Novell.  Combined with Ximian, that COULD be a force to be reckoned with in the near future...
linuxsubCommented:
Oh Sure. Novell was having a bad time anyway, so this might be their way out.
In any case, I follow business less than others... more interested in tech than business.... until I'm 30, I guess :-).
WiiredCommented:
Snort is also available for the Windows enviroment, if you have no desire or knowledge for setting up a linux box in the near future. You can get it here: http://www.sans.org/resources/idfaq/snort.php

Works well, can definately help you in the future.

As for your current issue, I concur with PsiCop. If you are that worried about being compromised, you should have a consultant come in and disect your network. It's the only way you are gonna sleep at night, brother.

And Shine....
On your final note...that could lead to some interesting things later on down the road.....
ShineOnCommented:
I'll be watching with interest.  Maybe I should buy some stock, too... ;)
WiiredCommented:
Kinda like Cisco's "aquisition" of Linksys.....
ShineOnCommented:
No...  not really...  It would be more like if Cisco bought Foundry and Xylink.  The Linksys acquisition gave Cisco a chunk of the "low end" market, the SOHO's...

This positions Novell to take a good chunk of the future computing market, server through desktop, based on the current trends.
PsiCopCommented:
Yeah, SuSE is no LinkSys. SuSE is very big in the GEM market, especially in the EU. And note that M$ is under the EU microscope for anti-competitive practices (gee, what surprise). City of Munich recently told Billy-boy to take a hike in favor of SuSE.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.