-
April 10th, 2003, 11:58 AM
#1
Junior Member
Multiple logon attempts?
Hey everyone Im new to all this security buisness so this question may seem kinda obvious to the expert. I was recently lookin at the event viewer and noticed alot of failed audits about a logon. Here is an example
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 4/10/2003
Time: 1:01:37 AM
User: NT AUTHORITY\SYSTEM
Computer: My-System
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: admin
Domain: CARRIE
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: CARRIE
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Is the domain name "carrie" a remote computer or a website maybe??
Im not exactly sure what the hell all this is, but it worried me, so i though i would ask some people who know what they are looking at
thanks fer the help.
-
April 10th, 2003, 12:17 PM
#2
Re: Multiple logon attempts?
It's probably the machine that attempted to connect to you. You should have a firewall in place so that they can't even attempt this.
BTW, can you change your sig? It's doing weird things to the post.
-
April 10th, 2003, 02:02 PM
#3
Re: Multiple logon attempts?
Originally posted here by Dirty_Sanchez
Is the domain name "carrie" a remote computer or a website maybe??
Someone hooked up a workstation called CARRIE on your network.
This same person is trying to logon locally on that machine using the account admin.
Try and find this workstation and you know who it is.
Use a LART if it's a regular workstation on your network. The user that's using it is trying to get in (probably to install something you don't want on your network).
-
April 11th, 2003, 01:58 PM
#4
Junior Member
Installed a Firewall
Ok I Installed a firewall Im using "zone alarm", Is this good?
Would another be beter? And also how could I find out who was behind the logon attempts?
Is there a tool I could use to "track " them down? And ask them "kindly" to stop? -or-
Is there a way i could "teach" them a lesson?
I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
Is there even a windows LART?
Thanks again
P.S. I removed my sig sorry bout that
-Dirty_Sanchez-
-
April 11th, 2003, 02:23 PM
#5
im just guessing here cause LART is only for linux... does the L in LART stand for Linux?? hehe, check it out for me :P
- Trying is the first step towards failure. the moral is never try.
- It\'s like something out of that twilighty show about that zone.
----Homer J Simpson----
-
April 11th, 2003, 02:43 PM
#6
Re: Installed a Firewall
Originally posted here by Dirty_Sanchez
I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
Is there even a windows LART?
Thanks again
P.S. I removed my sig sorry bout that
-Dirty_Sanchez-
LART's predate windows and *nix and are platform independent...
(L)user (A)ttitude (R)eadjustment (T)ool.
Is there a fellow monk in here?
-
April 11th, 2003, 03:16 PM
#7
I researched "LART", I could only see a Linux Version, This would do me no good since I am using window$.
im just guessing here cause LART is only for linux... does the L in LART stand for Linux?? hehe, check it out for me :P
LOL. Now this is funny Sorry about that. Didn't think ppl wouldn't know.
bballad is quite right. It stands for Luser Attitude Readjustment Tool and it's definitely platform independant.
Look it up at http://www.dict.org
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 11th, 2003, 08:23 PM
#8
I prefer a 2x4 with rusty nails driven through personaly..and watch the dict links it may lead people to the monastery
as for the original question I doubt it was a malicious attach as the domain and the system had the same name see more like a user screw up...do you have any one in your company named Carrie they would probably be the culprit… if not do you have a WAP..if so secure it you are broadcasting further then you think.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|