Intruder

What is the quickest and easiest way to find out if there is an intruder on the network? We have a Win 2000 network, thanks.
mmacdougall Asked:
 
sunray_2003 Commented:
Try to use most of the utilities there. Each has its own advantages.

Try to configure your firewall and also know how to use the firewall in full, because many have firewalls, but without proper configuration hackers can come inside.

Check out the firewall log and also the Windows 2000 logs to check for unknown IP addresses.

Sunray
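
Added example (not part of any post in this thread): one way to carry out the "check the firewall log for unknown IP addresses" advice above, as a Python script over PIX-style syslog lines, since the asker's firewall is a Cisco PIX. The sample log lines, the `outside`/`inside` interface names and the `KNOWN_NETS` allow-list are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Cisco PIX syslog style (not taken from the thread).
SAMPLE_LOG = """\
Nov 10 02:14:07 pix %PIX-6-302013: Built inbound TCP connection 4101 for outside:203.0.113.77/3312 (203.0.113.77/3312) to inside:192.168.1.20/3389 (198.51.100.10/3389)
Nov 10 02:14:09 pix %PIX-4-106023: Deny tcp src outside:203.0.113.77/3313 dst inside:198.51.100.10/445 by access-group "outside_in"
Nov 10 08:30:11 pix %PIX-6-302013: Built inbound TCP connection 4170 for outside:192.0.2.15/1055 (192.0.2.15/1055) to inside:192.168.1.5/25 (198.51.100.5/25)
Nov 10 08:31:40 pix %PIX-6-302013: Built outbound TCP connection 4171 for outside:198.51.100.200/80 (198.51.100.200/80) to inside:192.168.1.33/1200 (198.51.100.2/1200)
Nov 10 09:02:55 pix %PIX-4-106023: Deny udp src outside:198.51.100.99/1026 dst inside:198.51.100.10/1434 by access-group "outside_in"
"""

# Assumption: outside networks you expect inbound traffic from (e.g. a mail relay).
KNOWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# 302013 = inbound TCP connection permitted; 106023 = packet denied by an ACL.
BUILT = re.compile(r"%PIX-6-302013: Built inbound TCP connection \d+ for "
                   r"outside:(?P<src>[\d.]+)/\d+ .*? to inside:(?P<dst>[\d.]+)/(?P<port>\d+)")
DENY = re.compile(r"%PIX-4-106023: Deny \w+ src outside:(?P<src>[\d.]+)/\d+ "
                  r"dst inside:(?P<dst>[\d.]+)/(?P<port>\d+)")


def is_known(addr):
    """True if addr parses as an IP inside one of KNOWN_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed address in the log: treat as unknown
        return False
    return any(ip in net for net in KNOWN_NETS)


def unknown_sources(log_text):
    """Map each unknown outside source IP to the (dst, port) pairs it was
    allowed to reach and the ones the firewall denied."""
    report = defaultdict(lambda: {"allowed": [], "denied": []})
    for line in log_text.splitlines():
        for kind, pattern in (("allowed", BUILT), ("denied", DENY)):
            m = pattern.search(line)
            if m and not is_known(m["src"]):
                report[m["src"]][kind].append((m["dst"], int(m["port"])))
    return dict(report)


if __name__ == "__main__":
    for src, hits in sorted(unknown_sources(SAMPLE_LOG).items()):
        print(f"{src}: allowed={hits['allowed']} denied={hits['denied']}")
```

An unknown source with a non-empty `allowed` list is the entry to investigate first, because the firewall let that connection through.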
 
PsiCop Commented:
If you have an unprotected (i.e. no firewall) Windoze network connected to the modern-day Internet, then you can pretty much bank on the idea that one or more of your machines have been compromised in one or more ways. Anyone who connects unprotected Windoze to the 'Net is fairly foolish. Even when "protected", the myriad vulnerabilities and flaws in Windoze make it fairly easy to compromise one way or another. Crackers just go for the wholly unprotected systems for the same reason a thief prefers unlocked doors to locked ones - they can get in both, but the unlocked one is easier.

So, if your Windoze network has been unprotected, assume you've been cracked, because you probably have.
 
mmacdougall (Author) Commented:
Which utility do you suggest?
 
mmacdougall (Author) Commented:
We are behind a Cisco Pix firewall.

Everyone uses Windows or MSN messenger, can hacks come by using these?
 
PsiCop Commented:
Yes, hacks can come in via both those routes.
 
mmacdougall (Author) Commented:
And how could I check that?
 
PsiCop Commented:
Intrusion detection is still mostly an art as opposed to a science. There is no one piece of software that you run and it pops up the answer "You've been hacked!" on your computer screen. It requires time, effort, and some skill to perform intrusion detection in an environment as insecure as Windoze.

If you have reason to believe your environment has been compromised and you don't have the necessary skills to investigate that, then you should seriously consider hiring consultants to review your environment, determine if it has been compromised, fix it if it has, and make recommendations to secure it against further intrusion.
 
PsiCop Commented:
This is, of course, the reason VARs and consultants recommend Windoze to their customers in the first place, because they are practically guaranteed a steady stream of callbacks and engagements, resulting in plenty of billable hours as a reward for recommending a buggy, insecure and easily-hacked environment to their customers.
 
mmacdougall (Author) Commented:
Well, I used NetAlert and it shows that I may have an intruder, but it shows the intruder as hs-20.handling.com.

This is a computer on our network.
 
ShineOn Commented:
One of the best tools I have used to find backdoor trojans is Spy Sweeper. It does much the same as AdAware does as far as spyware is concerned, but it also detects a lot of backdoor exploits that could be missed by antivirus scans.

You can get a free, fully functional trial at http://www.webroot.com
 
linuxsub Commented:
Try the intrusion detection tool Snort. It's available for Linux, but I guess you can compile it on Windows using Cygwin.
Otherwise, set up a Linux station for this.

http://www.snort.org/
 
ShineOn Commented:
linuxsub -

Good idea going forward. If they're already compromised, they have to root it out now.

BTW, what do you think about the acquisition of SUSE by Novell? Combined with Ximian, that COULD be a force to be reckoned with in the near future...
 
linuxsub Commented:
Oh Sure. Novell was having a bad time anyway, so this might be their way out.
In any case, I follow business less than others... more interested in tech than business.... until I'm 30, I guess :-).
 
Wiired Commented:
Snort is also available for the Windows environment, if you have no desire or knowledge for setting up a Linux box in the near future. You can get it here: http://www.sans.org/resources/idfaq/snort.php

Works well, can definitely help you in the future.

As for your current issue, I concur with PsiCop. If you are that worried about being compromised, you should have a consultant come in and dissect your network. It's the only way you are gonna sleep at night, brother.

And Shine....
On your final note...that could lead to some interesting things later on down the road.....
 
ShineOn Commented:
I'll be watching with interest.  Maybe I should buy some stock, too... ;)
 
Wiired Commented:
Kinda like Cisco's "acquisition" of Linksys.....
 
ShineOn Commented:
No...  not really...  It would be more like if Cisco bought Foundry and Xylink.  The Linksys acquisition gave Cisco a chunk of the "low end" market, the SOHO's...

This positions Novell to take a good chunk of the future computing market, server through desktop, based on the current trends.
 
PsiCop Commented:
Yeah, SuSE is no LinkSys. SuSE is very big in the GEM market, especially in the EU. And note that M$ is under the EU microscope for anti-competitive practices (gee, what surprise). City of Munich recently told Billy-boy to take a hike in favor of SuSE.
Question has a verified solution.
