Re: Strange logon attempts
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 14 Jun 2006 10:22:23 -0500
"Matt" <matthewsatkins@xxxxxxxxx> writes:
I have recently taken over a network. I started to audit failed logon
attempts and am finding a particular computer trying to log on as my
desktop tech once or twice a day. The attempts are coming from a
computer name that I do not recognize. When this first started
happening, I couldn't find a reference for this computer anywhere in my
network. Just yesterday, I found that it was given an IP address lease
a few days ago. What can I do to find where this PC is??
Depends on your network topology.
Take that IP address, get to the subnet it's on via tracert, get to a
machine on that network, arp for that IP to get the mac address,
access the switch for that lan (hopefully it's a managed one) and find
out what port of the switch has the mac address associated with that
ip, find out what cable's plugged into that port, then track that down
a physical machine.
Now, if it's a wirelessly connected machine, then your job becomes
more interesting.
--
Todd H.
http://www.toddh.net/
.
- References:
- Strange logon attempts
- From: Matt
- Strange logon attempts
- Prev by Date: Re: Strange logon attempts
- Next by Date: Re: Stealthing
- Previous by thread: Re: Strange logon attempts
- Next by thread: Re: Strange logon attempts
- Index(es):
Relevant Pages
|
