Solved

Hackers

Posted on 2006-11-29
5
270 Views
Last Modified: 2010-04-18
Someone is really trying to get into my server. When I look at the event log it looks like its several different people from several different IP addresses from all over the world, but the usernames are consistent which makes me think its one person only. its not the usual administrator/password combination but a username that makes me think this person knows me. I dont know too much of hacking, how is it possible though that the IP addresses/workstations are always different? Am I just wasting my time blocking those IPs one by one? Is there a way to find out who is he/his real IP address? Or what can I do? Any suggestions?
0
Comment
Question by:Cubbybulin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 18037756
Instead of the IP he is using (wich might and most prob will be public proxy), why dont you block the port he is opperating on.

Or if you have IDS available you can try and find certain signatures in the packets. There is bound to be client information in the header of the tcp packets. But thats far streached for most...
0
 

Author Comment

by:Cubbybulin
ID: 18037810
It says: Source Port: 0
We dont have IDS - what is a good one/good price? Thanks! Is there a program that could find him?
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 250 total points
ID: 18041913
Cubbybulin:

For free, it's hard to beat Snort. http://www.snort.org/

HTH

MidnightOne
0
 
LVL 11

Assisted Solution

by:Chris Gralike
Chris Gralike earned 250 total points
ID: 18053014
Snort is indeed a verry good choice. Next to that, you can simply block port 0.

This is a common tactic in attempt to bypass the firewall wich "might" have a badly written rules in there. Most administrators dont realise there even "is" a port 0 and guess that port 1 is the first in the range.

Also on snort, you might need some basic linux knowledge and a switch / router / firewall that allows port forwarding..

-Regards,

0
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 18053019
or a old fashion Hub that is ;-)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question