Re: strang log

From: Chris Weber [Security MVP] (chris_at_dev.nul)
Date: 06/21/05

  • Next message: Peter Rus: "Is local system account member of local Administrators group?"
    Date: Mon, 20 Jun 2005 22:05:42 -0700
    
    

    Can you run a sniffer? Do you see TCP like acks going back and forth? If
    the address is spoofed, like you said, your server would not be able to talk
    back to this smbdy.

    "Simo Sentissi" <msentissi@rightnow.com> wrote in message
    news:%23BBV%23medFHA.3012@tk2msftngp13.phx.gbl...
    > hello there
    >
    > I have a strange occurence of smbdy trying to login as local admin on a
    > server box, since it locks out and back after 30 mins the same thing
    > repeats again.
    >
    > I looked at the details and I noticed that the origination address is a
    > 192.168 addr wich do not belong to our network? I am kind of puzzeled !
    > how can the tcp/ip transaction finish if address is spoofed or it that
    > data from some netbios header ?
    >
    >
    >
    >


  • Next message: Peter Rus: "Is local system account member of local Administrators group?"