Cubbybulin
asked on
Hackers
Someone is really trying to get into my server. When I look at the event log it looks like its several different people from several different IP addresses from all over the world, but the usernames are consistent which makes me think its one person only. its not the usual administrator/password combination but a username that makes me think this person knows me. I dont know too much of hacking, how is it possible though that the IP addresses/workstations are always different? Am I just wasting my time blocking those IPs one by one? Is there a way to find out who is he/his real IP address? Or what can I do? Any suggestions?
ASKER
It says: Source Port: 0
We dont have IDS - what is a good one/good price? Thanks! Is there a program that could find him?
We dont have IDS - what is a good one/good price? Thanks! Is there a program that could find him?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
or a old fashion Hub that is ;-)
Or if you have IDS available you can try and find certain signatures in the packets. There is bound to be client information in the header of the tcp packets. But thats far streached for most...