Security Audit Log
From: Tom Rydberg (tom.rydberg_at_bigpond.com)
Date: 06/08/03
Date: Sat, 7 Jun 2003 20:42:26 -0700
Hi All,
Just have a quick query. I regularly take the time to look
over the Event Viewer, mainly the security log. And I
notice there are a lot of logins by ANONYMOUS LOGON, and
here is an example of that login:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x13809)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}
And here is also the login by myself:
Successful Logon:
User Name: Thomas
Domain: DOWNSTAIRS
Logon ID: (0x0,0xC7FC)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: DOWNSTAIRS
Logon GUID: {00000000-0000-0000-0000-000000000000}
The two things I notice most about the ANON login are that
the Logon Process and Authentication Packages are different
from what they are for my logon. I understand that Logon
Type: 3 is a network logon. What does this all mean?? Is
my box being hacked??
I will just also add that my PC is networked with another
in the house, just peer to peer, and my PC is
the 'client' as such. The PC directly connected to the
Internet is firewalled and has anti virus, but at the
time of writing I have not yet looked at the Event Viewer
audit log for the other PC.
And I also notice in the log that just before you see
where I have logged on something is initiated by the
SYSTEM that loads the following:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Thomas
Source Workstation: DOWNSTAIRS
Error Code: 0x0
Is there anything that I should really be looking at to help
protect my box? I have anti virus, tauscan, and don't
leave my machine running when I'm not using it!! Help!
Any information that anyone could give would be greatly
appreciated. Thanks in advance :)
Tom Rydberg
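
An added example, not part of the original post: a small Python parser for event descriptions pasted in the layout quoted above, which separates network logons with a blank user name from named logons. The sample text is constructed from the two records in the post; the function names and output labels are assumptions of this example.

```python
import re

LOGON_TYPES = {"2": "interactive", "3": "network"}  # the two types seen in the post

# Constructed sample: the two records from the post (line wrap kept in the first).
SAMPLE = """Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x13809)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
Successful Logon:
User Name: Thomas
Domain: DOWNSTAIRS
Logon ID: (0x0,0xC7FC)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: DOWNSTAIRS
Logon GUID: {00000000-0000-0000-0000-000000000000}
"""

HEADER = re.compile(r"^Successful (Network )?Logon:$")
FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")

def parse_records(text):
    """Split pasted event descriptions into one dict per logon record."""
    records, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if HEADER.match(line):
            records.append({"Event": line[:-1]})
        elif records and (m := FIELD.match(line)):
            key = m.group(1)
            records[-1][key] = m.group(2)
        elif records and key in records[-1] and line:
            records[-1][key] += line  # continuation of a wrapped value
    return records

def classify(rec):  # label by logon type; blank-user network logons split out
    kind = LOGON_TYPES.get(rec.get("Logon Type"), "other")
    if kind == "network" and not rec.get("User Name"):
        return "anonymous-network"
    return f"{kind}:{rec.get('User Name') or '?'}"

for rec in parse_records(SAMPLE):
    print(classify(rec), "via", rec["Logon Process"])
```
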