- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Server software question...
Posted on 3/19/15 at 10:26 am
Posted on 3/19/15 at 10:26 am
If someone is authorized to remote accesses your server, is their IP address typically logged?
Posted on 3/19/15 at 10:45 am to ell_13
quote:
look in the Security event log for event ID 4624. There will be a line:
Source Network Address: 192.168.xxx.xxx
Just to be clear (cause I wasn't), that can still be done even after the remote user logs out? In other words the accessing IP is logged somewhere that the Admin can go back and review?
Posted on 3/19/15 at 10:47 am to TigerGman
It's an event log. Why would it disappear?
Posted on 3/19/15 at 10:48 am to TigerGman
That's the entire point of logs. They're not a live view
Posted on 3/19/15 at 10:53 am to TigerGman
quote:
Just to be clear (cause I wasn't), that can still be done even after the remote user logs out? In other words the accessing IP is logged somewhere that the Admin can go back and review?
Someone either
(A) Made unauthorized changes
(B) Realized their account was still active
Posted on 3/19/15 at 10:53 am to MrSmith
quote:
That's the entire point of logs. They're not a live view
Just making sure. I need a quick answer and it's pretty important.
Thanks all for the help.
Posted on 3/19/15 at 10:54 am to GrammarKnotsi
Sounds like GMan will be looking for a job soon.
Posted on 3/19/15 at 11:01 am to ell_13
quote:
Sounds like GMan will be looking for a job soon.
Actually someone may get charged for computer access crime. Gonna be real interesting.
Posted on 3/19/15 at 11:02 am to TigerGman
The answer is yes. It will most likely be recorded in multiple places. However, additional lengths would have to be taken to determine who actually owned said source address (assuming its external and not a company owned address that would be present in arin database). Additional steps as in subpoenas, etc
This post was edited on 3/19/15 at 11:05 am
Posted on 3/19/15 at 11:02 am to TigerGman
It's that serious and you had me google for you?
Posted on 3/19/15 at 11:08 am to ell_13
quote:
It's that serious and you had me google for you?
LOL. Well its a very early stage thing and threats of charges being filed are being made. The Devil's gonna be in the details and I have no details yet. i just needed to know in general if IP addresses were typically logged. I was almost sure they were just needed some confirmation since I don't do any server stuff. I also figured all you guys would give me quick answers.
Posted on 3/19/15 at 11:11 am to TigerGman
If a user is authorized, you'll have that info too. So you think someone stole a user account?
Posted on 3/19/15 at 11:58 am to ell_13
quote:
So you think someone stole a user account?
Basically an ex employee with a password kept downloading company info. It's about to get ugly.
Posted on 3/19/15 at 12:07 pm to TigerGman
quote:
an ex employee with a password kept downloading company info.
If I didn't disable the account in AD (or change administrator level passwords), I would be worried for my job too..
This post was edited on 3/19/15 at 12:08 pm
Posted on 3/19/15 at 12:40 pm to TigerGman
quote:
Basically an ex employee with a password kept downloading company info. It's about to get ugly.
i'd probably stop posting specifics if i was you. asking generic questions is one thing but posting these details on a public forum is a bad idea.
Posted on 3/19/15 at 12:42 pm to GrammarKnotsi
Yep. Usually regulations stipulate a timeline for access removal. If not that, at the very least company policy.
Posted on 3/19/15 at 2:26 pm to ell_13
quote:
It's that serious and you had me google for you?
give hima break...it isnt about iApple
Posted on 3/19/15 at 2:35 pm to gmrkr5
quote:
i'd probably stop posting specifics if i was you. asking generic questions is one thing but posting these details on a public forum is a bad idea.
Meh. Trust me ---I ain't being specific at all. And if by some miracle chance they not only know who I am in real life AND they know exactly what I'm talking about , well so much the better he's reading this --cause your dumbass is screwed
Popular
Back to top
Follow TigerDroppings for LSU Football News