troubleshooting Question

hacker trace procedure

dshuang5858 asked on
OS Security
Dear security experts,

I have a client who has recently had a lot of admin and administrator password attacks, and each session lasts only about 20 mins.  I've looked into the event log and Microsoft Network Monitor; both of them provide me with IP addresses from all over the world, but it looks like a systematic attack (organized attack), so I don't think any of the addresses are the real attacker.  They might just have been routed to or taken over for this attack.  Each session takes roughly 20 mins +/- 1 min.  It always changes over from admin queries to administrator queries after a few admin query tries.  My question is, is there a good network trace tool with which I can pin down who really is trying to attack the system?  Please advise!  I'll reward 500pts for the best answer!
ASKER CERTIFIED SOLUTION
CoccoBill
