Home > Ask the Windows Security Experts > Windows Security Threats Questions & Answers > Have I experienced a Windows security breach?
Ask The Windows Security Expert: Questions & Answers
EMAIL THIS

Have I experienced a Windows security breach?

Kevin Beaver EXPERT RESPONSE FROM: Kevin Beaver

Pose a Question
Other Windows Security Categories
Meet all Windows Security Experts
Become an Expert for this site


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 30 January 2008
Why are so many strange IP addresses in our route print table? Does this indicate a Windows security breach? We have two domain controllers, and the primary domain controller shows the highest number of strange IP addresses. We also have a firewall installed on our network environment.

>
EXPERT RESPONSE
This could be related to DNS resolution being done on the server (which it likely is). Have you tried to browse or otherwise connect to some of the addresses you're seeing? There's also a chance that some type of malware is on the machine creating these entries. Have you tried flushing your route table? Try doing that (after-hours to minimize problems of course) to see if/when the entries come back. Beyond that, the best way to troubleshoot this is to install/run a good network analyzer (such as OmniPeek or Sniffer Pro) on the server – or a monitor/span/mirror port on your switch – and see who's talking to what. It's always pretty shocking just how much is happening on the network that you'd otherwise never know about.

Sound Off! -   


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Windows Security Threats
How can I use Process Explorer as a Web security tool?
How did a rootkit get on my Windows machine?
How to solve Windows security log mysteries
Password security in Windows XP Professional
How can I discover a hacker's IP address?
How to set up a network with Windows security in mind
How to use GPOs to deny folder permissions
How can I run third-party antivirus software?
How can I detect IP addresses that connect to IIS?
Sharing files and folders in Windows XP

End User Education
Correct improperly assigned user rights in Windows XP
Free security testing tools for Windows handheld devices
Do old certificates pose a Windows security threat?
Windows mobile security: Get it locked down
Metasploit 3.1 updates improve Windows penetration testing
Windows security management: Ask the security expert roundup
Cross-site scripting 101: XSS attacks plague Web browsers
Down the chimney, through the firewall: Holiday quiz
Failing security 101: Pwn3rship of the n00b
Password cracking, network rights and Windows Firewall expert advice

Authentication
Correct improperly assigned user rights in Windows XP
Do old certificates pose a Windows security threat?
What's hot in Windows security: Ins and outs of Windows Server 2008
Windows Server 2008 security aided by NAP and IPsec
Manage administrator rights in Windows Server 2003
Security tools that limit user logon in Windows
Windows security management: Ask the security expert roundup
Set write permissions in Windows network folders
Password cracking, network rights and Windows Firewall expert advice
Top Windows security testing tips of 2007
Authentication Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
strong password  (SearchWindowsSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsWebcastsWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts