Re: Strange logon attempts


Walter Roberson wrote:
But the OP doesn't know where the machine -is-. If the OP is using
switches, they would have to at least track down which switch the
problem machine was directly attached to in order to do the
sniffing. And that's provided that the switches are managed switches
that provide packet copying services: if the switches are unmanaged,
you'd need to swap in a hub in order to do the sniffing.

From the OP:
"I started to audit failed logon attempts..."
"The attempts are coming from a computer name that I do not recognize."

Just sniff close to where the "attempts" go.

Kind regards
Ludovic

.

Relevant Pages

  • RE: A Solution for sniffing
    ... database or something that sounds interesting. ... for sure if someone is sniffing. ... arp-cache, in your switches. ... your connection on a sniffer attempt, and that would be all you could do! ...
    (Security-Basics)
  • RE: A Solution for sniffing
    ... Nowadays most people who sniff, sniff using tools that poison your ... arp-cache, in your switches. ... This makes the machine sniffing you the machine in the middle, ... your connection on a sniffer attempt, and that would be all you could do! ...
    (Security-Basics)
  • RE: Sniffing a Switched Network
    ... Subject: Sniffing a Switched Network ... You CAN sniff without a monitoring port, but you will only see traffic to ... If you have multiple switches, ...
    (Security-Basics)
  • Re: sniffing a switch
    ... A great program for sniffing a switched LAN is Ettercap ... Switches may be difficult to sniff, ... > ARP spoofing, and the machine that will most probably be ARP spoofed ...
    (Security-Basics)