Login audit... now what?

From: Don (geek42_at_email.com)
Date: 10/12/03

• Next message: Dinis Cruz: "Re: Anyone hear of ANSA (Asp.Net Security Analyser)??"
• Previous message: Dr. Pastor: "Re: iexplore try to contact hpc.hpconline.com???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 11 Oct 2003 15:40:22 -0700

Someone's been trying to access my Win2000 system remotely. I caught
them by enabling login audits. Here's a sample result... it's one of
many.

Logon Failure:
         Reason: Unknown user name or bad password
         User Name: Guest
         Domain: PPNET
         Logon Type: 3
         Logon Process: NtLmSsp
         Authentication Package: NTLM
         Workstation Name: CIBBRAY

My question is this: what do the domain and workstation name tell me?
How can I track this guy down?

Thanks,
Don

---

• Next message: Dinis Cruz: "Re: Anyone hear of ANSA (Asp.Net Security Analyser)??"
• Previous message: Dr. Pastor: "Re: iexplore try to contact hpc.hpconline.com???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)