
Hackers

Someone is really trying to get into my server. When I look at the event log, it looks like it's several different people from several different IP addresses from all over the world, but the usernames are consistent, which makes me think it's one person only. It's not the usual administrator/password combination but a username that makes me think this person knows me. I don't know too much about hacking; how is it possible, though, that the IP addresses/workstations are always different? Am I just wasting my time blocking those IPs one by one? Is there a way to find out who he is/his real IP address? Or what can I do? Any suggestions?
Asked by Cubbybulin

Chris Gralike (Specialist) commented:
Instead of the IP he is using (which might be, and most probably will be, a public proxy), why don't you block the port he is operating on?

Or if you have IDS available, you can try and find certain signatures in the packets. There is bound to be client information in the header of the TCP packets. But that's far stretched for most...
 
Cubbybulin (Author) commented:
It says: Source Port: 0
We don't have IDS - what is a good one/good price? Thanks! Is there a program that could find him?
 
MidnightOne commented:
Cubbybulin:

For free, it's hard to beat Snort. http://www.snort.org/

HTH

MidnightOne
 
Chris Gralike (Specialist) commented:
Snort is indeed a very good choice. Next to that, you can simply block port 0.

This is a common tactic in an attempt to bypass the firewall, which "might" have badly written rules in there. Most administrators don't realise there even "is" a port 0 and guess that port 1 is the first in the range.

Also, on Snort, you might need some basic Linux knowledge and a switch / router / firewall that allows port forwarding.

-Regards,

 
Chris Gralike (Specialist) commented:
or an old-fashioned hub, that is ;-)
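
Added example, not part of the thread: the pattern in the question (one username tried from ever-changing addresses) shows up when failed logons are grouped by account instead of by source IP, which is also why blocking addresses one by one rarely helps. The `timestamp,account,source_ip` export format, the account names and the function names are assumptions made for this sketch.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of failed-logon records (time, account, source IP).
# Addresses are RFC 5737 documentation ranges; account names are placeholders.
SAMPLE = """\
2024-01-05T02:11:03,jdoe,192.0.2.14
2024-01-05T02:11:09,jdoe,198.51.100.7
2024-01-05T02:11:15,jdoe,203.0.113.52
2024-01-05T02:11:21,jdoe,192.0.2.201
2024-01-05T02:11:40,jdoe,198.51.100.7
2024-01-05T02:12:02,administrator,203.0.113.9
2024-01-05T02:12:04,administrator,203.0.113.9
2024-01-05T09:30:11,asmith,192.0.2.88
"""

def load(text):
    """Parse 'timestamp,account,source_ip' lines into dicts."""
    fields = ["time", "account", "ip"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))

def by_account(records):
    """Map each account to (number of failures, set of source IPs)."""
    stats = defaultdict(lambda: [0, set()])
    for r in records:
        key = r["account"].lower()  # assumption: names compare case-insensitively
        stats[key][0] += 1
        stats[key][1].add(r["ip"])
    return {k: (n, ips) for k, (n, ips) in stats.items()}

def distributed_targets(records, min_ips=3):
    """Accounts failing from at least min_ips distinct addresses."""
    return sorted(a for a, (_, ips) in by_account(records).items()
                  if len(ips) >= min_ips)

def single_use_ip_share(records):
    """Fraction of failures from an IP that appears only once in the log,
    i.e. attempts that blocking the IP afterwards would not have stopped."""
    counts = defaultdict(int)
    for r in records:
        counts[r["ip"]] += 1
    once = sum(1 for r in records if counts[r["ip"]] == 1)
    return once / len(records) if records else 0.0

if __name__ == "__main__":
    recs = load(SAMPLE)
    for account, (n, ips) in sorted(by_account(recs).items()):
        print(f"{account}: {n} failures from {len(ips)} address(es)")
    print("distributed:", distributed_targets(recs))
```

An account flagged by `distributed_targets` is a candidate for account-level controls such as lockout thresholds or alerting, which do not depend on the source address staying the same.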