November 5th, 2003, 04:10 AM
Things To Look For In Event Log
What things should I look for in XP's Event Log, that might possibly indicate a successful security breach?
November 5th, 2003, 04:38 AM
I wouldn't rely on event log, even though you could probably tell by the title of the log. I would install a firewall with good logging features along with an IDS, then you will know if you've been breached which wouldn't be likely to happen if you have a firewall. There should be some info on Microsoft's site about what all the event logs mean, I know it has been talked about before here.
November 5th, 2003, 10:52 AM
Event viewer is very limited as far as telling you detailed information about possible attacks. If you feel adventurous, take a crap box, with XP on it, on raw internet, no firewall...You'll notice a crapload of activity coming through that almost looks too obvious.
I got an interesting one the other day just playing around, a failed login attempt from user: HACKTHIS
Now if that's just not ironic. It's obviously someone who's dumber than a post, or has a sense of humor.
Creating further mindless stupidity....through mindless automation.
November 5th, 2003, 11:38 AM
It is also very dependent on what you have turned on in the event logs. If you only have security switched on you really only get security info. Turn on object access, process tracking etc. and you will see a lot more..... It gets more confusing but for a better picture you use a higher resolution monitor - same applies to the event log.
Though I concur with heretic. For secure boxes the event log should only be used as a small part of the picture.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
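An added example, not written by any poster in this thread: a small triage script for the original question, run over a Security log exported to text. It assumes logon and account-management auditing are switched on, uses the Windows XP event IDs 528, 529, 517, 612 and 624 (not mentioned in the thread), and the four-column CSV layout and sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Windows XP Security log event IDs (known values, not listed in the thread).
LOGON_OK, LOGON_FAILED = 528, 529
ALWAYS_REVIEW = {517: "audit log cleared",
                 612: "audit policy changed",
                 624: "user account created"}

# Constructed sample export: time, event ID, account, source address.
SAMPLE = """\
2003-11-05 03:58:10,529,HACKTHIS,192.0.2.7
2003-11-05 03:58:12,529,Administrator,192.0.2.7
2003-11-05 03:58:13,529,Administrator,192.0.2.7
2003-11-05 03:58:15,528,Administrator,192.0.2.7
2003-11-05 03:59:02,624,Administrator,192.0.2.7
2003-11-05 03:59:40,517,Administrator,192.0.2.7
2003-11-05 08:01:00,528,alice,192.0.2.20
"""

def review(export_text, threshold=3):
    """Return (failed logons per account, findings worth a closer look)."""
    failed_by_account = Counter()
    failed_by_source = Counter()
    findings = []
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        time, event_id, account, source = row
        event_id = int(event_id)
        if event_id == LOGON_FAILED:
            failed_by_account[account] += 1
            failed_by_source[source] += 1
        elif event_id == LOGON_OK and failed_by_source[source] >= threshold:
            # A success right after a run of failures from the same source
            # is the pattern that separates a breach from background noise.
            findings.append((time, f"logon as {account} from {source} after "
                                   f"{failed_by_source[source]} failures"))
        elif event_id in ALWAYS_REVIEW:
            findings.append((time, f"{ALWAYS_REVIEW[event_id]} by {account}"))
    return failed_by_account, findings

if __name__ == "__main__":
    counts, findings = review(SAMPLE)
    print("failed logons:", dict(counts))
    for time, text in findings:
        print(time, text)
```

Failed logons alone are the background noise described above; the findings list holds the events that tend to follow a successful compromise.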