Multiple logon attempts?
Results 1 to 8 of 8

Thread: Multiple logon attempts?

  1. #1
    Junior Member
    Join Date
    Sep 2002
    Posts
    11

    Multiple logon attempts?

    Hey everyone Im new to all this security buisness so this question may seem kinda obvious to the expert. I was recently lookin at the event viewer and noticed alot of failed audits about a logon. Here is an example

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 529
    Date: 4/10/2003
    Time: 1:01:37 AM
    User: NT AUTHORITY\SYSTEM
    Computer: My-System
    Description:
    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: admin
    Domain: CARRIE
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: CARRIE

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Is the domain name "carrie" a remote computer or a website maybe??

    Im not exactly sure what the hell all this is, but it worried me, so i though i would ask some people who know what they are looking at

    thanks fer the help.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Re: Multiple logon attempts?

    It's probably the machine that attempted to connect to you. You should have a firewall in place so that they can't even attempt this.

    BTW, can you change your sig? It's doing weird things to the post.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: Multiple logon attempts?

    Originally posted here by Dirty_Sanchez
    Is the domain name "carrie" a remote computer or a website maybe??
    Someone hooked up a workstation called CARRIE on your network.
    This same person is trying to logon locally on that machine using the account admin.

    Try and find this workstation and you know who it is.

    Use a LART if it's a regular workstation on your network. The user that's using it is trying to get in (probably to install something you don't want on your network).

  4. #4
    Junior Member
    Join Date
    Sep 2002
    Posts
    11

    Installed a Firewall

    Ok I Installed a firewall Im using "zone alarm", Is this good?
    Would another be beter? And also how could I find out who was behind the logon attempts?
    Is there a tool I could use to "track " them down? And ask them "kindly" to stop? -or-
    Is there a way i could "teach" them a lesson?
    I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
    Is there even a windows LART?

    Thanks again

    P.S. I removed my sig sorry bout that



    -Dirty_Sanchez-

  5. #5
    Senior Member
    Join Date
    Nov 2002
    Posts
    482
    im just guessing here cause LART is only for linux... does the L in LART stand for Linux?? hehe, check it out for me :P
    - Trying is the first step towards failure. the moral is never try.
    - It\'s like something out of that twilighty show about that zone.
    ----Homer J Simpson----

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779

    Re: Installed a Firewall

    Originally posted here by Dirty_Sanchez
    I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
    Is there even a windows LART?

    Thanks again

    P.S. I removed my sig sorry bout that



    -Dirty_Sanchez-
    LART's predate windows and *nix and are platform independent...
    (L)user (A)ttitude (R)eadjustment (T)ool.

    Is there a fellow monk in here?

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
    im just guessing here cause LART is only for linux... does the L in LART stand for Linux?? hehe, check it out for me :P
    LOL. Now this is funny Sorry about that. Didn't think ppl wouldn't know.

    bballad is quite right. It stands for Luser Attitude Readjustment Tool and it's definitely platform independant.

    Look it up at http://www.dict.org
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I prefer a 2x4 with rusty nails driven through personaly..and watch the dict links it may lead people to the monastery

    as for the original question I doubt it was a malicious attach as the domain and the system had the same name see more like a user screw up...do you have any one in your company named Carrie they would probably be the culprit… if not do you have a WAP..if so secure it you are broadcasting further then you think.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides