Locate internal Hacker by IP address?

Status
Not open for further replies.

Brianc2k

Vendor
Jan 12, 2000
US
We have a hacker who is attempting to log in as Admin late in the evening. I have been able to determine that the attempts are not coming through our Gateway/Router. Therefore the attempts are taking place on one of the computers within the school.

We have assigned IP addresses for all systems. Can I audit the Admin account and learn which workstation IP address the hacker is using? Or, is there another tool I can use to find this individual?

I feel the Admin password is secure and has not been compromised. But I still need to find this person and terminate these attempts. Any suggestions would be helpful. Thanks.
 
Look at the Admin account in NwAdmin under Intruder Lockout. It should tell you the last address where login was unsuccessful. You should be able to trace it from there.

-----------------------------------------------------
"It's true, it's damn true!"
-----------------------------------------------------
 
The Admin account remains locked. It was reset at 1/23/02, about an hour later than the hack attempt. The last address where login was unsuccessful is blank.

I will unlock the admin account and hope that next time an entry will be there. If all goes with the trend another attempt will be made in the next two nights. I will post the results.
 
Another attempt was made last night at 9:33 pm. Again there is no IP address in the Intruder Lockout screen through NDS. We have a Citrix server that is used for keyboarding class only. It serves 24 students. This morning I had a license error on the server. It warned me I was getting close to the maximum licenses and the workstations were physically turned off. No one else was in the building yet. That Citrix server bridges over to NDS so the students can get to their files. I wonder if the Citrix server has been hacked and someone is trying to get into our NetWare from that side.

Thanks Theripper. I will look into that software today. Once I do find the solution I will post. If anyone else has any ideas please respond. Thanks.
 
There is also a way; however, I am unsure how to do it. You can set up Novell so that you can only log in to the admin account from a single computer. You do this by telling it to only let you log in from that IP, I think.
 
What painiest is suggesting is that by setting Network Address Restrictions you can restrict where the Admin account can log in. However, if you want to do this, I would very strongly suggest configuring up to five machines where the admin account can log on. If a single machine is configured and that machine fails for any reason, do you want to risk not being able to log into your admin account?

-----------------------------------------------------
"It's true, it's damn true!"
-----------------------------------------------------
 