Re: IP of machine locking account?
- From: "just bob" <kilbyfan@xxxxxxx>
- Date: Fri, 14 Mar 2008 15:21:05 -0400
What you describe was already done years ago. Using a Cisco firewall there
are no incoming rules allowing access to any of my domain servers from the
internet let alone a DC. Even my Exchange server has a Barracuda mail
gateway in front of it. OK, our OWA server is out in the open, but if
someone had used an OWA login attempt to lock my account I would at least
know where it is coming from as the OWA server event log always reports the
source IP address. Our DCs can only make DNS requests for forwarding
purposes so no outgoing ports are open besides 23.
Somehow the guy is able to send a login request from inside my network, one
which might have more access than it needs, but heck, most of these guys are
coming in on ports you usually need to allow, like 80.
I am going to have to set up a sniffer as someone else suggested.
"Dave" <noone@xxxxxxxxxxx> wrote in message
news:O6YGVqchIHA.1212@xxxxxxxxxxxxxxxxxxxxxxx
I always thought that exposing domain machines directly to the internet was
a really bad idea. Lock the whole network behind a firewall and provide
VPN access in to users who need it from outside.
Meanwhile, rename the account or delete it if you aren't using it.
"just bob" <kilbyfan@xxxxxxx> wrote in message
news:47d922f1$0$36379$742ec2ed@xxxxxxxxxxxxxxxxx
Someone is trying to hack one of our (formerly) admin accounts in AD on
Server 2003 using a bad password and causing the account to lock and the
event viewer shows the login attempt coming from a machine with a name
which is not on our network.
This has been happening every day at a different time of day and every
time the machine name is different. The only constant is the account
being attacked is the same every time. It would really help if there was
a way to get the IP address and not just the name of the machine. I have
looked in our DNS and DHCP database and found no machines we do not
recognize.
Thank you in advance if you have a suggestion for me.
-Bob