Re: Someone is peeking my NT daily
From: Bosco Tsang (cn649@torfree.net.eh)Date: 03/15/02
- Next message: Tim Constantine: "Re: User can login with ANY password"
- Previous message: Jonathan: "Re: audit logging to database ?"
- In reply to: chris@nospam.com: "Re: Someone is peeking my NT daily"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: cn649@torfree.net.eh (Bosco Tsang) Date: Fri, 15 Mar 2002 14:27:07 GMT
Th problem is ...we don't have this workstation, and we don't have
this domain on record. However, one can make up these information.
That's what my question ...how can I know what that machine really is.
Anyway to at least get his mac address etc so I can check our router
log to locate it?
-- On Thu, 14 Mar 2002 08:08:34 -0800, chris@nospam.com wrote:>On Thu, 14 Mar 2002 15:15:27 GMT, cn649@torfree.net.eh (Bosco Tsang) >wrote: > >>Daily (at least one, sometimes twice) our NT/W2K servers locked the >>following nearly at the same time, >> >>EventID: 0x00000211 (529) - Logon Failure: >> Reason: Unknown user name or bad password >> User Name: BStewart >> Domain: B_SNIPER >> Logon Type: 3 >> Logon Process: KSecDD >> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 >> Workstation Name: \\B_SNIPERsp >> >>How can I trace who this is, and how to block him from accessing our >>servers? > > >What more do you need? It shows the username and workstation. If >this workstation is on your network, they may just be browsing the >network neighborhood.
- Next message: Tim Constantine: "Re: User can login with ANY password"
- Previous message: Jonathan: "Re: audit logging to database ?"
- In reply to: chris@nospam.com: "Re: Someone is peeking my NT daily"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
