Posted by Steven L Umbach on July 13, 2005, 8:40 pm
Well, you could use something like Ethereal and configure the capture filter
to capture traffic with source from outside your subnet. Even so, that will
probably record a lot of packet activity. A firewall is the best solution
not only to protect your network but to record information in its firewall
logs. Sygate is a personal firewall with extensive logging, and it can be
installed and used for its logging with the firewall disabled. Until you
use a firewall, you can use ipsec filtering [Windows 2000/XP] or tcp/ip
filtering to help protect your computer. The links below may help. Ethereal
requires you to install WinPcap also, FYI. --- Steve
http://www.ethereal.com/
http://home.insight.rr.com/procana/
http://www.snapfiles.com/Freeware/security/fwfirewall.html -- free for
personal user firewalls including Sygate.
http://www.securityfocus.com/infocus/1559 -- intro into ipsec filtering.
> *** I'm not quite sure in what NS this post fits best, so I set a
> followup-to: microsoft.public.security ***
>
> I get quite a lot of 529 and 680 Failure Audits in the Security Log of the
> Event Viewer. Some folks try (probably mistakenly, hopefully) to get into
> my computer (yes, it's not behind a fw at the moment). So I want to track
> down those Failure Audits with IP addresses of the hosts that cause them.
>
> Does anybody know a (maybe freeware) solution to achieve something like
> that? (Note: I'm talking about future events, it's clear that past ones
> cannot be resolved to IPs anymore.)
>
> As always, any help would be much appreciated!
>
> Cheers, Juerg
>
> --
> It's time to tune in: http://jradio.ch/
>
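
An added example, not part of the original post or the quoted question: one way to tie 529/680 Failure Audits to source addresses once a firewall log or packet capture is being recorded, by matching timestamps. The log layouts, the local subnet, the logon ports (139, 445, 3389) and the 5-second window are all assumptions, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet
LOGON_PORTS = {139, 445, 3389}   # assumed: NetBIOS/SMB and RDP listeners
WINDOW = timedelta(seconds=5)    # assumed tolerance between the two logs
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed Security log export: timestamp, event ID
AUDITS = """\
2005-07-13 20:14:07,529
2005-07-13 20:14:07,680
2005-07-13 20:31:52,529
"""

# Constructed firewall/capture summary: timestamp, source IP, destination port
CONNS = """\
2005-07-13 20:14:06,203.0.113.45,445
2005-07-13 20:14:06,192.168.1.20,445
2005-07-13 20:20:10,198.51.100.7,80
2005-07-13 20:31:50,198.51.100.7,139
"""

def parse(text):
    """Split comma-separated log lines into field lists, skipping blanks."""
    return [line.split(",") for line in text.splitlines() if line.strip()]

def external_logon_conns(conn_text):
    """Keep connections to logon ports whose source is outside LOCAL_NET."""
    out = []
    for ts, src, port in parse(conn_text):
        if int(port) in LOGON_PORTS and ipaddress.ip_address(src) not in LOCAL_NET:
            out.append((datetime.strptime(ts, FMT), src, int(port)))
    return out

def correlate(audit_text, conn_text):
    """Pair each failure audit with external sources seen within WINDOW of it."""
    conns = external_logon_conns(conn_text)
    result = []
    for ts, event_id in parse(audit_text):
        when = datetime.strptime(ts, FMT)
        srcs = sorted({s for t, s, _ in conns if abs(when - t) <= WINDOW})
        result.append((ts, int(event_id), srcs))
    return result

if __name__ == "__main__":
    for ts, event_id, srcs in correlate(AUDITS, CONNS):
        print(ts, event_id, ", ".join(srcs) or "no external source in window")
```

A time match only suggests a candidate source; several hosts connecting in the same window cannot be told apart this way.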