
Thread: Windows 2k/XP Log Files

  1. #21
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pooh: I don't see any insult, nor did I intend to insult you or anyone else. If I did I apologize.

    I haven't been "burned".... I haven't been hacked ever.... to my knowledge.....

    Let me clarify my position a little here......... There are three kinds of "hats":-

    1. Whitehats
    2. Greyhats
    3. Blackhats.

    Whitehats are the good guys.... They are the ones that work on security, for security from the defender's point of view. I have nothing to fear from them.

    Greyhats are the ones who work on security, for security from an attacker's point of view. They warn the vendor, publish their results and suggest methods of mitigation until the patches arrive. I have nothing to fear from them.

    Blackhats are a different breed altogether. They work on security for _in_security from an attacker's point of view. They do not warn the vendors, publish their results or do anything else beneficial other than the eventual benefit that their work is uncovered, analyzed and published by the other "hats" _or_ they "publish" their "results" into the malicious world to be used by others with malicious intent against those who do not know how to protect themselves. I have something to fear from these people. Their intent is self serving. Whatever their eventual goal is they move forward trashing systems, lives etc. with no regard for the rule of law or even civil behaviour. When they are done they let the less talented use their knowledge in handy dandy little packages, (scripts etc.), to unleash their particular brand of mayhem upon others.

    I fail to understand what you don't see here. People who maliciously attack others be it physically or virtually are criminals yet you are supporting them as I said in my previous post like they are some kind of "knights in slightly tainted armour". There is nothing honorable about them or their intentions. They are there for personal gain, (whatever they see that as), regardless of the cost to others.

    You will note that throughout this exchange I have maintained a single thread.... the concept of malicious behaviour. This isn't a fun thing, nor is it an acceptable thing. It is behaviour designed to harm others. Sorry, but in my code of ethics that is unacceptable. I see myself as someone better able to protect myself, (both physically and virtually), than your average Joe on the street and, as such, have always "championed the underdog" both physically and in the virtual world. I am capable, (physically and virtually), of "picking on" a very large subset of the population just as a thug or a blackhat would do. But I chose not to. The fact is, I chose to use the physical and virtual "power" I have against those people who would harm the less "adept".

    Now, maybe, you can see that I'm not picking on you for being a grey hat. Now, maybe, You can better understand the way _I_ see the world and understand that it is not unbalanced and is not based in anger or in frustration. I tend not to get angry - it clouds my thinking when I plan my response...... .

    As to the end of our "friendship".... I wasn't actually aware that we had anything in particular going on.... I don't have a lot of friends because most people simply do not measure up to the standards I set. Having said that I have seen nothing in the past from you that would exclude you from the rather small group I do dub friends. Your choice, I'm not one to force people to do things they don't want.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #22
    Pooh: I don't see any insult, nor did I intend to insult you or anyone else. If I did I apologize.
    Accepted.


    I fail to understand what you don't see here. People who maliciously attack others be it physically or virtually are criminals yet you are supporting them as I said in my previous post like they are some kind of "knights in slightly tainted armour". There is nothing honorable about them or their intentions. They are there for personal gain, (whatever they see that as), regardless of the cost to others.
    I said no one here was a blackhat, and thus do not treat new people to the forums as if they are. There is a difference between being silent and learning what kind of person someone may be, and deliberately asking "what are you why prove it OMFG its illegal are you sure what are you going to do" and shoving them away. The only person I am defending here, is the parent poster, to whom you have somehow seen him to be a blackhat set to place havoc across the world. I know you didn't say that, but I'm sure he felt that way. People's responses to anything not 100% whitehat within this forum are automagically flamed, questioned, and treated like a criminal. What a warm welcome into a community that could not only offer that person knowledge, but guide them.

    Sorry, but in my code of ethics that is unacceptable. I see myself as someone better able to protect myself, (both physically and virtually), than your average Joe on the street and, as such, have always "championed the underdog" both physically and in the virtual world. I am capable, (physically and virtually), of "picking on" a very large subset of the population just as a thug or a blackhat would do. But I chose not to. The fact is, I chose to use the physical and virtual "power" I have against those people who would harm the less "adept".
    Let's ditch the elitism, and get back on the subject, shall we? Subject being, you either help or you don't. Never preassume someone is good or bad because of their ability to type words.

    Now, maybe, you can see that I'm not picking on you for being a grey hat. Now, maybe, You can better understand the way _I_ see the world and understand that it is not unbalanced and is not based in anger or in frustration. I tend not to get angry - it clouds my thinking when I plan my response...... .
    Something clouded it long enough for you to, instead of welcoming this new person who wanted information, treat him as the next possible cyber terrorist. Instead of showing him the ropes, taking a few minutes to hand information along with guidelines, you question as if he was a civilian bomber. Don't ever throw away the opportunity to help someone rather than hurt. By guiding him and teaching him ethics, you help him build character... and maybe even a future whitehat. Why is this so important? Here is why:

    BECAUSE HE IS GOING TO GET THE INFORMATION WHETHER YOU HELP HIM OR NOT, SO WHY NOT GIVE IT TO HIM WHILE ALSO TEACHING HIM RIGHT FROM WRONG

    I have nothing further to say in this thread.

  3. #23
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    amen

  4. #24
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pooh: I don't help people that might be about to commit a crime just the same as I won't pick up a gun and hand it to the person walking into the bank who dropped it. They could be a police officer, but until I know that their gun will be stepped on and they have to move me. Make the move to move me and I get pissy..... show me your badge and I'll pick up the gun, hand it to him and ask if there is anything I can do to help.

    I don't just blindly give out information. As I said "It's my job" to make those who have malicious intent's lives more difficult, (yours too actually - even as a grey hat otherwise you are approaching that _really_ dark grey that becomes indistinguishable from "light" black...). If someone with no malicious intent asks for information that could be used maliciously then they understand when someone asks "why". They only get "put out" if they want the information to do harm in the first place.

    You seem to be under the impression that blackhats are all talented individuals that don't need any assistance. I believe you are wrong. "Blackhat" is a statement of intent not of skill. The most clueless skiddie in the world is a blackhat because their _intent_ is malicious. Similarly grey/whitehat is also a statement of intent not skill. There are clueless admins, (Oh Lordy how many there are), that are still whitehats due to their lack of malicious intent.

    I've said it before Pooh, and I'll say it again....... It's not the inability to type words that made me question Spy's intent. It was a badly worded post that, when further information was requested, no additional information was forthcoming. That's odd. Things that are "odd" in this business are things that absolutely require questioning. Someone with no malicious intent would not be unhappy revealing some more detail and when they did it would at least be consistent with the initial statement. To be honest, Spy's was sufficiently inconsistent for me to still have doubts about his intent. I am fully aware of the fact I might be wrong but I have to err on the side of caution. That business that he has access to could be my father's.... Think how friggin' silly I'm going to look explaining to Dad that I was the one that helped Spy ruin his business...... That's me cut out of what is left of the will for a start.... <LOL>

    Finally.......
    By guiding him and teaching him ethics, you help him build character... and maybe even a future whitehat.
    Pooh, go back and carefully read your posts in this thread, especially those that were directed at Spy. You will note the alarming lack of _any_ counselling with regard to ethics or guidance of any sort from you yet you chose to castigate me because I didn't respond in the same fashion as you. At least my questioning and my statements were clear indicators to Spy that he appears to have done something bad that is not generally appreciated in the real world or here on AO. Funnily enough, I gave him the answer he probably needed even after my distrust of his motives. So please, don't hold me up as obstructionist and a nasty person when you are saying one thing and doing another. I, at least, am consistent whether or not you like my position.

  5. #25
    I, at least, am consistent whether or not you like my position.
    Time to get off your high throne. I offer information because I already have information concerning him. Do not dare to assume (you do that a lot) that I did not understand the circumstances. If I had no information (as you did not) then guidelines would have been put in place.

    Tiger, no one is impressed. You must learn to hesitate in speaking, because you run forward to massive assumptions before you even learn what is going on.

    Someone close the thread.

  6. #26
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    "Nazi's"

    There...... The thread has degenerated to the point where this word has been used and the thread has therefore automatically been closed by the invocation of whats-his-names- law.

    Happy now.....

    PS: If you had information about Spy you could have offered it and saved us all this grief..... and to steal from Major David Stirling "Who dares wins"..... and I shall continue to dare whatever I please whenever I please it.... It's my ass going on the line..... You don't need to worry about it... It has broad shoulders above it too.

  7. #27
    I'd rather be fishing
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Sorry Tiger, I said I would stay out of this but ......

    Originally posted here by pooh sun tzu
    Time to get off your high throne.
    Take a look in a mirror pooh, I have seen more than one thread from you in which you get into these heated battles and no matter what is said, you always have to be right and the other person has always got to be wrong. Take a pill and calm down there are other people on this board that know what they are talking too.

    Security professionals by their very nature are a paranoid bunch, if you're not, you're likely not a very good security person. Tiger is paranoid, it seems to have served him well so far.

    Originally posted here by pooh sun tzu
    Tiger, no one is impressed.
    Now you're jumping to conclusions, I'm impressed!

    Originally posted here by pooh sun tzu
    Someone close the thread.
    I don't think that's going to happen, I bet the mods are getting as much of a chuckle out of this as everyone else is.

    Cheers:
    DjM

  8. #28
    Security professionals by their very nature are a paranoid bunch, if you're not, you're likely not a very good security person.
    You are only paranoid if you do not understand the situation. Learn how a system works, and there is very little to be paranoid over.

    I bet the mods are getting as much of a chuckle out of this as everyone else is.
    Wait, who else is laughing? I'm getting PM's, pos points, and people agreeing with me on the thread in regards to my stance of "helping and guiding" instead of "questioning to death". No, that isn't bragging, but I'm showing you that no one is impressed with his 'paranoia'. He was rude instead of helpful to the parent poster, end of story.

  9. #29
    I don't exactly have the time atm to make a long and serious post regarding all of the replies here. But I will say this:

    You should not assume that everyone intends to participate in illegal actions based upon what they learn. I intend solely to use this information in a manner suiting to the law of the United States of America. I have no reason to not adhere to the law.

    I just wanted information. Information that could have been found on google, *minus the twenty hours or so in finding it*, although that information may or may not be accurate, I was looking more for professional opinion.

    Your opinion does not need to involve giving any personal background information. Me saying

    "Where does Windows store log files?"

    Should not be replied to as...well...how it was replied to as. I suppose I should not have included any information regarding my purposes or intent period, as if I would not have done, I may have gotten a more clear, LESS biased answer.

    If my assumptions are correct, then Pooh has seen and understood that which I may be trying to do. I have noticed through lurking here, that 1:4 posts that start off nicely, just someone asking a simple question, get turned into, "You're pursuing illegal actions" That of which 99% of us are not. You assume quickly, and incorrectly. Do people a favor by giving them information they want and need. Wanting to know where Windows stores log files is a legit question imo and should not have been replied to as such.

    However, there are a few people who have seen what I meant and have replied accordingly. I thank you for that.

    And to more knowledge questing:

    -I looked at my EventViewer and noticed that there IS nothing in the 'Security' section. Would anyone happen to know why this is? Surely Windows does log intrusion attempts, portscans, and the like. Or will I have to rely on my firewall logs for that?
    MySig != Worth your time

  10. #30
    -I looked at my EventViewer and noticed that there IS nothing in the 'Security' section. Would anyone happen to know why this is? Surely Windows does log intrusion attempts, portscans, and the like. Or will I have to rely on my firewall logs for that?
    -shakes head-

    It does not record intrusion attempts, port scans, etc because it is not an IDS nor firewall. AFAIK, a *nix based system won't either, since log handling for security is controlled by iptables/chains. However, unlike Windows, nearly every service on a *nix distro has its own log file handling which is sent to /var/log. With Windows, unless you get 3rd party services (ftp, etc) that specifically log activity (apache for example logs proper accesses and failed accesses)... then you are in fact flying blind.

    My best recommendation for Windows logs is to make sure the 3rd party program supports it. Now don't think Windows logging in the area I showed you is limited, not at all. You can set group policies and procedures to call certain events to the event/security log. Improper logins, banned accounts, etc etc, can be logged so long as you tell it to. But that brings us back to my point, for the -kind- of logs you are looking for, 3rd party logs according to each service is your only hope.
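
The point made in post #30, that the Security log stays empty until audit policy tells Windows what to record, shown as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on English-language Windows Vista / Server 2008 or later, where `auditpol` and `Get-WinEvent` exist and a failed logon is event ID 4625; the function name `Get-FailedLogonSummary` is hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# On Windows 2000/XP the same switch is "Audit logon events" under
# Local Security Policy > Local Policies > Audit Policy (failed logon = event 529).

# 1. Show the current setting. "No Auditing" here explains an empty Security log.
auditpol /get /subcategory:"Logon"

# 2. Record both successful and failed logons in the Security log.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 3. Summarise failed logons (event ID 4625) by account and source address.
function Get-FailedLogonSummary {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        Write-Warning "No 4625 events in the last $Hours hours (or failure auditing is off)."
        return
    }

    $events | ForEach-Object {
        # Read named fields from the event XML instead of relying on property order.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Account = $data['TargetUserName']
            Source  = $data['IpAddress']
        }
    } | Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-FailedLogonSummary -Hours 24
```

This covers logon events only; port scans and dropped connections still have to come from firewall or service logs, as the post says.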
