Cool, NT, stability <cough>. What do you mean by shutdown? What kind of
firewall was run on the NT server? Did the whole system bluescreen or
shutdown, or did the firewall in place fail closed? Part of the problem
here is a lack of information on what you are trying to determine
happened, as well as whether or not there was a IDS system in place to log
an attack if it indeed did occur, let alone the direction of the issue, it
well could have been something lauched from inside as others have and will
mention.
Thanks,
Ron DuFresne
On Wed, 24 Oct 2001, David Ng wrote:
> Dear all,
> We have a NT network that was hit the other day, in the sense that it
> was remotely shutdown by an individual somehow. The person might have the
> passwords and also sound technical expertise in remote utilities. Is there a
> way for me to trace where the traffic was coming from that day and what IP
> address? Also, is there a way to automatically capture the screen if it was
> remotely controlled?
> Please advise, thanks in advance.
>
>
> Sincerely,
>
>
>
> David Ng
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
