Solved

Hackers

Posted on 2006-11-29
Last Modified: 2010-04-18
Someone is really trying to get into my server. When I look at the event log it looks like it's several different people from several different IP addresses from all over the world, but the usernames are consistent, which makes me think it's one person only. It's not the usual administrator/password combination but a username that makes me think this person knows me. I don't know too much about hacking; how is it possible, though, that the IP addresses/workstations are always different? Am I just wasting my time blocking those IPs one by one? Is there a way to find out who he is/his real IP address? Or what can I do? Any suggestions?
Question by:Cubbybulin
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 18037756
Instead of the IP he is using (which might and most probably will be a public proxy), why don't you block the port he is operating on?

Or if you have an IDS available you can try to find certain signatures in the packets. There is bound to be client information in the header of the TCP packets. But that's far-stretched for most...
 

Author Comment

by:Cubbybulin
ID: 18037810
It says: Source Port: 0
We don't have an IDS - what is a good one/good price? Thanks! Is there a program that could find him?
 
LVL 26

Accepted Solution

by:
MidnightOne earned 250 total points
ID: 18041913
Cubbybulin:

For free, it's hard to beat Snort. http://www.snort.org/

HTH

MidnightOne
 
LVL 10

Assisted Solution

by:Chris_Gralike
Chris_Gralike earned 250 total points
ID: 18053014
Snort is indeed a very good choice. Next to that, you can simply block port 0.

This is a common tactic in an attempt to bypass a firewall which "might" have badly written rules in it. Most administrators don't realise there even "is" a port 0 and guess that port 1 is the first in the range.

Also, on Snort: you might need some basic Linux knowledge and a switch / router / firewall that allows port forwarding..

-Regards,

 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 18053019
or an old-fashioned hub, that is ;-)
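The pattern described in the question (the same usernames tried from ever-changing addresses) becomes visible when failed logons are grouped by username rather than by source IP. The following is an added example, not code from any of the posts; it assumes the failed-logon events were exported to CSV with hypothetical columns `timestamp`, `username` and `source_ip`, and every sample record is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: failed-logon records exported from an event log as CSV.
# Column names and all values are made up for this example
# (addresses are taken from the documentation ranges).
SAMPLE_CSV = """timestamp,username,source_ip
2006-11-28T22:01:10,jnovak,192.0.2.14
2006-11-28T22:01:44,jnovak,198.51.100.7
2006-11-28T22:03:02,jnovak,203.0.113.90
2006-11-28T22:03:31,j.novak,192.0.2.201
2006-11-28T22:05:12,j.novak,198.51.100.66
2006-11-28T22:07:45,jnovak,203.0.113.5
2006-11-28T22:09:03,administrator,192.0.2.14
2006-11-28T23:15:20,backup,198.51.100.7
"""

def summarize_failed_logons(csv_text):
    """Group failed logons by target username instead of by source address."""
    stats = defaultdict(lambda: {"attempts": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["username"].strip().lower()
        stats[user]["attempts"] += 1
        stats[user]["sources"].add(row["source_ip"].strip())
    return stats

def distributed_targets(stats, min_sources=3):
    """Usernames tried from at least min_sources distinct addresses."""
    hits = [(u, s["attempts"], len(s["sources"]))
            for u, s in stats.items() if len(s["sources"]) >= min_sources]
    return sorted(hits, key=lambda h: (-h[2], h[0]))

def reused_sources(stats):
    """Addresses that tried more than one username (same client, new name)."""
    by_ip = defaultdict(set)
    for user, s in stats.items():
        for ip in s["sources"]:
            by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in by_ip.items() if len(users) > 1}

if __name__ == "__main__":
    stats = summarize_failed_logons(SAMPLE_CSV)
    for user, attempts, sources in distributed_targets(stats):
        print(f"{user}: {attempts} failures from {sources} addresses")
    for ip, users in reused_sources(stats).items():
        print(f"{ip} tried: {', '.join(users)}")
```

A username that keeps appearing from many distinct addresses is a better thing to alert on, rename or lock down than any single address in the list.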
