|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pedro Quintanilha (PQuintanilha
abril.com.br)Date: Wed Nov 21 2001 - 05:43:52 CST
Like MS Terminal Services, CITRIX Metaframe 1.8 (and other versions, I
suppose) also only logs the IP informed by the client.
The log, made on Windows NT Event Log, looks like this:
========================================================================
Time: Wed Nov 21 09:37:00 2001
User: MARCUS Agent: metaframe2
Source: Security ID: 528 Type: Success Audit
Successful Logon:
User Name: MARCUS
Domain: NTDOMAIN
Logon ID: (0x2,0x2959446E)
Logon Type: 2
Logon Process: User32
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: WTS2
WinStation: ICA-tcp#245
Session ID: 245
Client Name: STATION2
Client Address: 192.168.0.44
========================================================================
In a incident investigation this is a problem for trace-back the
suspects.
_________________________________
Pedro Quintanilha
Segurança da Informação
Editora Abril s/a
+55-11-3037-4297
pquintanilhaabril.com.br
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]