Re: security, VPN, MAC or IP address by Jeff
Jeff
Tue Jul 08 12:55:14 CDT 2003
if the entry came in on RRAS/VPN/Dialup and the logging of fail/success was
enabled, it's in the RRAS logs. Open RRAS from the Administrative Tools and
look to see where the log file is saved, it's text format and visually
readable in some cases, other times its in IAS format you would want to have
a log browser tool for.
if the entry came through the firewall other than within a tunnel (created
from a client computer), the ISA logs record the remote IP involved.
if you enabled detailed security logging (which MS has off by default in
Windows 2000), all logon processes could be recorded.
if it happened in the past hour and the ARP table still holds information,
you might find it but that is a long shot.
if you have a managed switch and it was used to connect through, you would
have a list of all MAC addresses, but you would have to compare to a known
list in your LAN, and this isn't going to be of much use other than proof
the MAC was on the network, or faked.
if you have wireless (WAP) support, then you probably don't have any
additional audit trail, and substantially less security to detect it.
"Diane" <diane@yourbookkeeper.com> wrote in message
news:8b8201c34573$b1468410$a401280a@phx.gbl...
> If someone hacks into a Small Business Server, is there a
> log file which stores their Mac or IP address?