Solved

Intruder

Posted on 2003-11-04
19
411 Views
Last Modified: 2010-04-11
What is the quickest and easiest way to find out if there is an intruder on the network? We have a win 2000 network, thanks
0
Comment
Question by:mmacdougall
19 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9679503
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679528
If you have an unprotected (i.e. no firewall) Windoze network connected to the modern-day Internet, then you can pretty much bank on the idea that one or more of your machines have been compromised in one or more ways. Anyone who connects unprotected Windoze to the 'Net is fairly foolish. Even when "protected", the myriad vulnerabilities and flaws in Windoze make it fairly easy to compromise one way or another. Crackers just go for the wholly unprotected systems for the same reason a thief prefers unlocked doors to locked ones - they can get in both, but the unlocked one is easier.

So, if your Windoze network has been unprotected, assume you've been cracked, because you probably have.
0
 

Author Comment

by:mmacdougall
ID: 9679530
Which utility do you suggest?
0
 

Author Comment

by:mmacdougall
ID: 9679546
We are behind a Cisco Pix firewall.

Everyone uses Windows or MSN messenger, can hacks come by using these?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679561
Yes, hacks can come in via both those routes.
0
 

Author Comment

by:mmacdougall
ID: 9679569
And how could I check that?
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 9679579
Try to use most of the utilities there. Each has its own advantages.

Try to configure your firewall and also know how to use the firewall in full, because many have firewalls but, without proper configuration, hackers can come inside.

Check out the firewall log and also the Windows 2000 logs to check for unknown IP addresses.

Sunray
0
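One way to do the firewall-log check suggested in the accepted answer, as an added example that is not part of the original thread: it tallies accepted inbound connections whose source is outside the networks you expect. The line layout is an assumption modelled on PIX "Built ... connection" syslog messages, and `KNOWN_NETWORKS`, the addresses and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the networks you expect to see (your LAN, trusted partners).
KNOWN_NETWORKS = [ipaddress.ip_network("192.168.10.0/24"),
                  ipaddress.ip_network("198.51.100.0/28")]

# Assumed layout: "Built inbound TCP connection N for ifc:IP/port (...) to ifc:IP/port (...)"
BUILT = re.compile(
    r"Built (?P<dir>inbound|outbound) (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<p1>\d+) \([^)]*\) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<p2>\d+)")

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Nov 04 2003 09:12:01: %PIX-6-302013: Built inbound TCP connection 4101 for outside:203.0.113.77/4312 (203.0.113.77/4312) to inside:192.168.10.20/3389 (198.51.100.5/3389)
Nov 04 2003 09:12:09: %PIX-6-302013: Built inbound TCP connection 4102 for outside:203.0.113.77/4313 (203.0.113.77/4313) to inside:192.168.10.20/3389 (198.51.100.5/3389)
Nov 04 2003 09:13:30: %PIX-6-302013: Built inbound TCP connection 4103 for outside:198.51.100.9/2201 (198.51.100.9/2201) to inside:192.168.10.25/25 (198.51.100.6/25)
Nov 04 2003 09:14:02: %PIX-6-302013: Built outbound TCP connection 4104 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:192.168.10.31/1044 (198.51.100.2/1044)
Nov 04 2003 09:15:00: %PIX-4-106023: Deny tcp src outside:203.0.113.77/4400 dst inside:198.51.100.5/445 by access-group "outside_in"
"""

def is_known(ip):
    """True if ip parses and falls inside one of KNOWN_NETWORKS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as unknown so it gets reviewed
    return any(addr in net for net in KNOWN_NETWORKS)

def unknown_inbound(lines):
    """Count accepted inbound connections per (peer IP, inside host, inside port)."""
    hits = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m or m.group("dir") != "inbound":
            continue
        ends = {m.group("if1"): (m.group("ip1"), int(m.group("p1"))),
                m.group("if2"): (m.group("ip2"), int(m.group("p2")))}
        if "inside" not in ends or len(ends) != 2:
            continue  # not an inside/other-interface pair
        host, port = ends.pop("inside")
        peer = next(iter(ends.values()))[0]
        if not is_known(peer):
            hits[(peer, host, port)] += 1
    return hits

if __name__ == "__main__":
    for (peer, host, port), n in unknown_inbound(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {peer} -> {host}:{port}")
```

Each reported pair is a connection the firewall allowed in, so the inside host and port it names are where to look next in the Windows 2000 event logs.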
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679620
Intrusion detection is still mostly an art as opposed to a science. There is no one piece of software that you run and it pops up the answer "You've been hacked!" on your computer screen. It requires time, effort, and some skill to perform intrusion detection in an environment as insecure as Windoze.

If you have reason to believe your environment has been compromised and you don't have the necessary skills to investigate that, then you should seriously consider hiring consultants to review your environment, determine if it has been compromised, fix it if it has, and make recommendations to secure it against further intrusion.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9679634
This is, of course, the reason VARs and consultants recommend Windoze to their customers in the first place, because they are practically guaranteed a steady stream of callbacks and engagements, resulting in plenty of billable hours as a reward for recommending a buggy, insecure and easily-hacked environment to their customers.
0

 

Author Comment

by:mmacdougall
ID: 9679672
Well I used NetAlert and it shows that I may have an intruder, but it shows the intruder as hs-20.handling.com

This is a computer on our network
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9679680
One of the best tools I have used to find backdoor trojans is Spy Sweeper.  It does much the same as AdAware does as far as spyware is concerned, but it also detects a lot of backdoor exploits that could be missed by antivirus scans.

You can get a free, fully functional trial at http://www.webroot.com
0
 

Expert Comment

by:linuxsub
ID: 9682485
Try the intrusion detection tool Snort. It's available for Linux, but I guess you can compile it on Windows using cygwin.
Otherwise, set up a Linux station for this.

http://www.snort.org/
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9682524
linuxsub -

Good idea going forward.  If they're already compromised, they have to root it out now.

BTW, what do you think about the acquisition of SUSE by Novell? Combined with Ximian, that COULD be a force to be reckoned with in the near future...
0
 

Expert Comment

by:linuxsub
ID: 9682928
Oh Sure. Novell was having a bad time anyway, so this might be their way out.
In any case, I follow business less than others... more interested in tech than business.... until I'm 30, I guess :-).
0
 
LVL 4

Expert Comment

by:Wiired
ID: 9682935
Snort is also available for the Windows environment, if you have no desire or knowledge for setting up a Linux box in the near future. You can get it here: http://www.sans.org/resources/idfaq/snort.php

Works well, can definitely help you in the future.

As for your current issue, I concur with PsiCop. If you are that worried about being compromised, you should have a consultant come in and dissect your network. It's the only way you are gonna sleep at night, brother.

And Shine....
On your final note...that could lead to some interesting things later on down the road.....
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9683021
I'll be watching with interest.  Maybe I should buy some stock, too... ;)
0
 
LVL 4

Expert Comment

by:Wiired
ID: 9683194
Kinda like Cisco's "acquisition" of Linksys.....
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9683235
No...  not really...  It would be more like if Cisco bought Foundry and Xylink.  The Linksys acquisition gave Cisco a chunk of the "low end" market, the SOHO's...

This positions Novell to take a good chunk of the future computing market, server through desktop, based on the current trends.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 9686935
Yeah, SuSE is no LinkSys. SuSE is very big in the GEM market, especially in the EU. And note that M$ is under the EU microscope for anti-competitive practices (gee, what a surprise). City of Munich recently told Billy-boy to take a hike in favor of SuSE.
0
