General discussion


How to avoid system haching

By suresh_ig ·
Hi all,
I have a local admin account as well as domain user login in my webserver. Always I login as domain admin account where IIS is configured.I found that somebody is connecting to my server via RDP And are using my system resources(I observed in task manager-users). I wanted to know is there any way to find from which location or IP user is connecting to our system

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

A couple of approaches

by robo_dev In reply to How to avoid system hachi ...

First of all, you can increase the logging level in your firewall.

Do you have a hardware firewall? It might be a good idea to block RDP.

Next, I would setup a separate machine with an ethernet hub and run WireShark protocol analyzer to see all inbound/outbound traffic.

What OS is your webserver? If it's Win2003, you would want to change security settings to enable auditing (security settings, local policy, audit policy, audit logon events).

less useful is to do a netstat -an at the command prompt.

Related Discussions

Related Forums