[windows2000] Re: Security

  • From: "Jim Kenzig http://thin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Wed, 3 Mar 2004 09:40:48 -0500

You are wasting your time trying to "track" them. Most are in Taiwan, China
or Russia.
I am not sure what they are trying to get passwords to on your system that
is open to the world. If it is Terminal Services you should enable all login
success and failures and set it up so the account is temporarily disabled
after so many failures.
This discourages most hackers.  In your firewall you should set it up so
only allowed IPs can TS in.  For IIS you can do it the same way or set up
IP authentication. If you have set up your system correctly and enforce
strong passwords, you should have no worries about how often or how long
people try to hack at it.  For example you can try and FTP into my server
until you are blue in the face but unless you are coming from an approved IP
and then have the proper username and password you'll never get in.

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Bill Beckett
Sent: Wednesday, March 03, 2004 9:14 AM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Security

How do you guys (aka the list) handle tracking down hackers without IDS? I
know there is a program out there (can't remember the name) that will allow
a hacker to scan systems for valid accounts. These accounts, of course, can
be disabled but if some are enabled they can just start firing off random
passwords. I can see entries/attempts in our sec log but there is no IP to
trace them back to.
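
Added example, not part of the original posts: a small Python replay of the lockout policy recommended in the reply above, showing how many password guesses actually get evaluated once an account is temporarily disabled after repeated failures. The account names, timestamps and the threshold, window and duration values are constructed for illustration; 528 and 529 are the Windows 2000 Security log event IDs for successful and failed logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one guess per minute for an hour against "svc_backup",
# plus a real user ("jsmith") who mistypes twice and then logs on.
# Record layout: (timestamp, event ID, account); 529 = failure, 528 = success.
BASE = datetime(2004, 3, 3, 9, 0)
SAMPLE = [(BASE + timedelta(minutes=i), 529, "svc_backup") for i in range(60)]
SAMPLE += [
    (BASE + timedelta(minutes=10), 529, "jsmith"),
    (BASE + timedelta(minutes=11), 529, "jsmith"),
    (BASE + timedelta(minutes=12), 528, "jsmith"),
]


def simulate_lockout(events, threshold=5, window_min=30, duration_min=30):
    """Replay logon attempts under a temporary account lockout policy.

    Returns (lockouts, evaluated): the times each account was locked, and the
    number of attempts per account that reached the password check at all.
    """
    window = timedelta(minutes=window_min)
    duration = timedelta(minutes=duration_min)
    recent = defaultdict(deque)      # recent failure times per account
    locked_until = {}                # account -> time the lockout expires
    lockouts = defaultdict(list)
    evaluated = defaultdict(int)

    for ts, event_id, account in sorted(events):
        if account in locked_until and ts < locked_until[account]:
            continue                 # locked out: guess rejected unchecked
        evaluated[account] += 1
        if event_id == 528:
            recent[account].clear()  # a good logon resets the failure count
            continue
        fails = recent[account]
        fails.append(ts)
        while fails and ts - fails[0] > window:
            fails.popleft()          # forget failures outside the window
        if len(fails) >= threshold:
            locked_until[account] = ts + duration
            lockouts[account].append(ts)
            fails.clear()
    return dict(lockouts), dict(evaluated)


if __name__ == "__main__":
    locks, checked = simulate_lockout(SAMPLE)
    print("lockouts:", {a: len(t) for a, t in locks.items()})
    print("guesses evaluated:", checked)
```

With these constructed values, 60 guesses in an hour are cut to 10 that reach the password check, while the user who mistyped twice is never locked out.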