what's the IP? lol -----Original Message----- From: Jim Kenzig http://thin.net [mailto:jimkenz@xxxxxxxxxxxxxx] Sent: 03 March 2004 14:41 To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Security You are wasting your time trying to "track" them. Most are in Tawain, China or Russia. I am not sure what they are trying to get passwords to on your system that is open to the world. If it is Terminal Services you should enable all login success and failures and set it up so the accout is temporarily disabled after so many failures. This discourages most hackers. In your firewall you should set it up so only allowed IP's can TS in. For IIS you can do it the same way or set up IP authentication. If you have set up your system correctly and enforce strong passwords, you should have no worries about how often or how long people try to hack at it. For example you can try and FTP into my server until you are blue in the face but unless you are coming from an approved IP and then have the proper username and password you'll never get in. JK -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Bill Beckett Sent: Wednesday, March 03, 2004 9:14 AM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Security How do you guys (aka the list) handle tracking down hackers without IDS? I know there is a program out there (can't remember the name) that will allow a hacker to scan systems for valid accounts. These accounts, of course, can be disabled but if some are enabled they can just start firing off random passwords. I can see entries/attempts in our sec log but there is no IP to trace them back to. ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm **************************************************************************************** This email and any files transmitted with it may contain information which is privileged and confidential, the disclosure of which is prohibited by law and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please note any dissemination, distribution or copying of this message is strictly prohibited. Please notify the sender immediately if you have received this email by mistake and delete it from your system. Email transmissions cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission. If verification is required please request a hard copy version. Thank you for your co-operation. **************************************************************************************** ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm