Auditing Windows 2000
Posted 24 June 2003 - 12:58 PM
To map every open TCP and UDP port to a running executable.
2 Netstat -an to retrieve the connected IP addresses and opened port info. As it's offline, not going to gain anything?
3 Nbtstat -c Not much help as it's offline.
4 PSLIST List processes on the machine.
5 Dir /a /t:a /o:d /s c:\ The /a switch will list all files including hidden ones. The /t switch tells dir which time stamps you want to see. The /o:d switch tells the command you want it to be sorted by date.
6 NTLAST Checks the logon and logoff events and tells you when they were executed.
Retrieving the event logs
8 REGDMP which comes with the NT/2000 Resource Kit for dumping the registry into readable format.
This is going to be my first audit so I will post later how I got on and the problems I faced.
Posted 24 June 2003 - 01:18 PM
Posted 25 June 2003 - 09:28 AM
Now you could look through them manually but that would take forever. So load them up into Webalizer, which is free and does have a Windows distro (I believe).
After the report has run you can view which IP address requested the most by KB. Here you can determine if there was an abnormal spike, which would be a dead giveaway.
I'll think of some more in a bit. Keep me posted on progress and I'll give you some tips.
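The per-IP traffic check described in the post above, as an added example that is not part of the original thread. It assumes the logs are web server access logs in Common Log Format (the thread does not say which format); the sample lines, the function names and the 5x-median threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jun/2003:10:01:12 +0000] "GET /index.html HTTP/1.0" 200 4096
192.0.2.11 - - [24/Jun/2003:10:02:40 +0000] "GET /about.html HTTP/1.0" 200 3072
198.51.100.7 - - [24/Jun/2003:10:03:05 +0000] "GET /files/backup.zip HTTP/1.0" 200 52428800
192.0.2.10 - - [24/Jun/2003:10:04:19 +0000] "GET /logo.gif HTTP/1.0" 304 -
192.0.2.12 - - [24/Jun/2003:10:05:33 +0000] "GET /index.html HTTP/1.0" 200 4096
198.51.100.7 - - [24/Jun/2003:10:06:01 +0000] "GET /files/db.bak HTTP/1.0" 200 31457280
this line is damaged and must be skipped
"""

# Fields: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) (\d+|-)')

def bytes_per_ip(lines):
    """Sum response bytes per client IP; return (totals, skipped_line_count)."""
    totals, skipped = defaultdict(int), 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            if line.strip():
                skipped += 1  # count unparsable lines instead of hiding them
            continue
        ip, _status, size = m.groups()
        totals[ip] += 0 if size == "-" else int(size)  # "-" means no body sent
    return dict(totals), skipped

def flag_spikes(totals, factor=5):
    """Return IPs whose total exceeds factor x the median per-IP total."""
    if not totals:
        return []
    base = median(totals.values())
    return sorted(ip for ip, n in totals.items() if n > factor * max(base, 1))

if __name__ == "__main__":
    totals, skipped = bytes_per_ip(SAMPLE_LOG.splitlines())
    for ip, n in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{ip:15} {n / 1024:12.1f} KB")
    print("skipped lines:", skipped, "| spikes:", flag_spikes(totals))
```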