Pay attention to the audit logs Windows generates, especially the security log. Look out for failed user authentication attempts and other strange events that you didn’t cause.
Also, pay attention to the logs generated by your firewall and anti-virus software. Try to refine your firewall logging settings to eliminate all of the noise from the automated scans of worms like CodeRed and Nimda. In the case of these two worms, this can be accomplished by not logging blocked TCP port 80 requests. After collecting a few weeks of logs, it should be apparent what kind of noise traffic you are receiving.
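One way to see what the noise looks like before changing any logging settings, as an added example that is not part of the original page: the script profiles blocked traffic by protocol and destination port, then reviews the log with blocked TCP port 80 requests left out. It assumes a simplified subset of the Windows Firewall `pfirewall.log` field layout; the sample entries and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample entries; the column layout is an assumed, simplified
# subset of the Windows Firewall pfirewall.log format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2003-05-01 10:00:01 DROP TCP 198.51.100.7 192.0.2.10 3101 80 48
2003-05-01 10:00:04 DROP TCP 198.51.100.9 192.0.2.10 4410 80 48
2003-05-01 10:00:09 DROP TCP 203.0.113.5 192.0.2.10 1207 80 48
2003-05-01 10:01:30 DROP TCP 203.0.113.8 192.0.2.10 2290 445 48
2003-05-01 10:02:11 DROP UDP 198.51.100.7 192.0.2.10 1026 137 78
2003-05-01 10:03:45 DROP TCP 198.51.100.44 192.0.2.10 3977 80 48
2003-05-01 10:04:02 ALLOW TCP 192.0.2.10 203.0.113.20 1055 80 60
"""

def parse(text):
    """Yield one dict per entry, using the '#Fields:' header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def drop_profile(entries):
    """Count blocked packets per (protocol, destination port)."""
    return Counter((e["protocol"], e["dst-port"])
                   for e in entries if e["action"] == "DROP")

def without_noise(entries, noise):
    """Keep every entry except blocked packets whose (protocol, port) is in noise."""
    return [e for e in entries
            if not (e["action"] == "DROP"
                    and (e["protocol"], e["dst-port"]) in noise)]

if __name__ == "__main__":
    entries = list(parse(SAMPLE_LOG))
    for (proto, port), count in drop_profile(entries).most_common():
        print(f"{count:4d} blocked {proto}/{port}")
    for e in without_noise(entries, {("TCP", "80")}):
        print(e["date"], e["time"], e["action"], e["protocol"],
              e["src-ip"], "->", e["dst-ip"] + ":" + e["dst-port"])
```

Only blocked port 80 requests are filtered; allowed port 80 traffic and blocked traffic to other ports remain visible for review.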