Answer the question
In order to leave comments, you need to log in
D
D
DimiDr0lik2018-07-30 15:56:12
DimiDr0lik, 2018-07-30 15:56:12
How to find out the ip address of the client when authorizing in the domain?
Colleagues, good afternoon
There are a large number of services that have domain authorization
in the logs, you can see brute force in AD, but it is not clear to which resource
Failed Logon,"Logon","N/A","dc-104.local","ADMINISTRADOR", "07/29/2018 3:28:48 AM","N/A","Cause: User logon with misspelled or bad user account."
Failed Logon,"Logon","N/A","dc-102.local","ADMINSVR","7/29/2018 3:28:49 AM","N/A","Cause: User logon with misspelled or bad user account."
How can I find out the IP address of this hacker?)
2 answer(s)
@antonsr98
A
Anton Ulanov, 2018-07-30 @antonsr98
Set up an edge server for authorization and catch the scoundrel on it. As an example, you can use ForeFront TMG. or compare authorization time with firewall logs
Similar questions
W
Z
S
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question