Results 1 to 4 of 4

Thread: Things To Look For In Event Log

  1. #1
    Junior Member
    Join Date
    Jul 2003

    Question Things To Look For In Event Log


    What things should I look for in XP's Event Log, that might possibly indicate a successful security breach?


  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    I wouldn't rely on event log, even though you could probably tell by the title of the log. I would install a firewall with good logging features along with an IDS, then you will know if you've been breached which wouldn't be likely to happen if you have a firewall. There should be some info on microsofts site about what all the event logs mean, I know it has been talked about before here.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Event viewer is very limited as far as telling you detailed information about possible attacks. If you feel adventurous, take a crap box, with XP on it, on raw internet, no firewall...You'll notice a crapload of activity coming through that almost looks too obvious.

    I got an interesting one the other day just playing around, a failed login attempt from user: HACKTHIS

    Now if thats just not ironic Its obviously someone who's dumber than a post, or has a sense of humor
    Creating further mindless stupidity....through mindless automation.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    It is also very dependant on what you have turned on in the event logs. If you only have security swiched on you really only get security info. Turn on object access, process tracking etc and you will see a lot more..... It gets more confusing but for a better picture you use a higher resolution monitor - same applies to the event log.

    Though I concur with heretic. For secure boxes the event log should only be used as a small part of the picture.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts