How do I tell if an attack is from an internal or external source
From: Steve Everington (steve.nospam_at_pannellsigns.co.uk)
Date: 03/30/05
- Next message: Angryblack: "RE: How to rename the W2K AD Administrator account"
- Previous message: Woodsy: "How to rename the W2K AD Administrator account"
- Next in thread: Tom Celica: "Re: How do I tell if an attack is from an internal or external source"
- Reply: Tom Celica: "Re: How do I tell if an attack is from an internal or external source"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Mar 2005 11:05:02 +0100
Hello
I have been getting a series of (a few hundred) failed login attempts in the
early hours of the morning (a series of 529 & 681 login failure security
events). The 529 entry has a login in type of 3, which I believe is a
network login and the workstation name is the server's name.
Is there a way of telling whether the events are being caused by attempted
logins on my VPN or by a trojan/virus running on my server or some other
source?
Thanks
Steve Everington
- Next message: Angryblack: "RE: How to rename the W2K AD Administrator account"
- Previous message: Woodsy: "How to rename the W2K AD Administrator account"
- Next in thread: Tom Celica: "Re: How do I tell if an attack is from an internal or external source"
- Reply: Tom Celica: "Re: How do I tell if an attack is from an internal or external source"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
