How to detect possible hacker activities
For Windows machines running a Microsoft Vista or newer operating system, GFI EventsManager has special features that enable you to analyze the network activity occurring on those machines based on Filtering Platform Connection events. The Top Activity Network Events graph from the dashboard enables you to quickly analyze the network activity on various computers based on protocol, port, addresses, user name and application names.
One of the immediate applications of this analysis capability is to detect possible hacker activity. GFI EventsManager has predefined rules that can detect :
- Suspicious Email activity on the machine.
- DNS queries originating from system applications.
- Connections opened by different applications.
At this stage, we recommend you use the Top Activity Network Events graph and note the network activity occurring on the two machines you monitor.