> if anyone has any information on how to better > log (on the Win2k box itself), please let me know. Xato recently posted an advisory that shows how to use windump to log TCP/IP addresses of terminal services connections (even before the user logs in). You can read the advisory at http://www.xato.net/reference/xato-112001-01.txt WinDump can be found at http://netgroup-serv.polito.it/windump/ And the command to run is: C:\>windump "tcp dst port 3389 and tcp[13] & 3 !=0" Mark Burnett www.xato.net www.iis-insider.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 10:12:06 PST