Not authorized internal accesses on my pc
Posted on 2006-04-07
at my work place I'm working within a LAN (behind firewall). It seems to me that someone internal (but not authorized) has violated my pc, entering with the admin password (stolen somewhere..). I do not know this password since I'm not the administrator, normally I login with other user privileges.
I'd like to know a method to proof this violation, to reveal past accesses to my machine (logs) possibly only using the command line (I cannot easily install new security detection programs on my pc).
Once I get the IPs that accessed my machine, how can I resolve the name of those machines (i.e. how can I identify the username corresponding to that IP within our LAN) ?
I've just tried to deal with the 'netstat' command but I'd like more suggestions from you.
Sorry for these very easy questions but I'm quite new to security issues ...
My pc is running WinXP while the machine that maybe accessed mine could run either Win or Linux (don't know).
Moreover could you please suggest me an easy and daily method to check for external not authorized accesses to my pc?
Thanks a lot and Best Regards,