Re: Intrusion lockout source
From: Steven L Umbach (sumbach_at_nospam-ameritech.net)
Date: 02/27/04
- Next message: Fast Eddie: "Re: Schannel error on W2K server -- HELP --"
- Previous message: Joe Sellner: "Service Pack 5 for Windows 2000"
- In reply to: Greg Liskey: "Intrusion lockout source"
Date: Fri, 27 Feb 2004 21:41:26 GMT
If you enable auditing of logon events it should give you the name of an
internal LAN machine that is causing lockouts. If you want its IP address,
then you could ping it by name or review the data for DHCP leases/WINS
registrations/DNS zone files. Attempts from the internet should be stopped
by a properly configured firewall. You can go to a self-scan site such as
http://scan.sygatetech.com/ to check for basic vulnerabilities. File and
print sharing should be disabled on network adapters with public IP
addresses exposed to the internet. To find the IP address of computer
attacks from the internet, you would need to view your firewall logs and
match times to failed logons in the security log in Event Viewer. See the
links below for more information on auditing and lockout issues.

--- Steve
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp
http://tinyurl.com/gt83 -- same link as above in case of wrap.
"Greg Liskey" <anonymous@discussions.microsoft.com> wrote in message
news:396801c3fd77$0f2ed990$a101280a@phx.gbl...
> Is there some tool to help us locate from what IP the bad
> attempts are coming from that causes the intrusion
> lockout flag to get set in an AD domain?
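
The time-matching step described in the reply above, as an added example that is not part of the original post: it pairs each failed logon with the source IPs the firewall allowed through shortly before it. The log layouts, field order, port set, sample records and the function names `parse_firewall` and `correlate` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the original post). Layouts are assumptions:
# failed logons as "timestamp,account,workstation" exported from the Security log,
# firewall entries as "date time action protocol src-ip dst-ip src-port dst-port".
FAILED_LOGONS = """\
2004-02-27 21:40:02,jdoe,
2004-02-27 21:40:05,jdoe,
2004-02-27 21:52:30,asmith,WKSTN-14
"""

FIREWALL_LOG = """\
2004-02-27 21:40:01 ALLOW TCP 203.0.113.45 192.0.2.10 4312 445
2004-02-27 21:40:04 ALLOW TCP 203.0.113.45 192.0.2.10 4313 445
2004-02-27 21:45:00 ALLOW TCP 198.51.100.7 192.0.2.10 3301 80
2004-02-27 21:52:29 DROP TCP 198.51.100.9 192.0.2.10 1999 445
"""

FMT = "%Y-%m-%d %H:%M:%S"
LOGON_PORTS = {139, 445}  # assumption: SMB/NetBIOS session ports carry the logons


def parse_firewall(text):
    """Yield (time, src_ip) for allowed connections to a logon-capable port."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[2] != "ALLOW" or int(f[7]) not in LOGON_PORTS:
            continue
        yield datetime.strptime(f"{f[0]} {f[1]}", FMT), f[4]


def correlate(logons, firewall, window_seconds=5):
    """Map each failed logon to source IPs seen within the window before it."""
    conns = list(parse_firewall(firewall))
    window = timedelta(seconds=window_seconds)
    results = []
    for line in logons.splitlines():
        stamp, account, workstation = line.split(",")
        when = datetime.strptime(stamp, FMT)
        ips = sorted({ip for t, ip in conns if timedelta(0) <= when - t <= window})
        results.append((stamp, account, workstation or None, ips))
    return results


if __name__ == "__main__":
    for stamp, account, workstation, ips in correlate(FAILED_LOGONS, FIREWALL_LOG):
        source = workstation or ", ".join(ips) or "no matching firewall entry"
        print(f"{stamp}  {account:8}  {source}")
```

The match is only as good as the clock agreement between the firewall and the server writing the security log, so widen `window_seconds` if the two are not time-synchronized.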