Need help with ANONYMOUS LOGON's in my Secuirty Log's.  Who are these people?!?

Posted on 2004-03-21
Last Modified: 2012-08-13
I have a wireless connection to a domain and while checking my security log's, I see all these crazy computernames coming up as like, 'John,' 'XP-HOME,' Susan,' etc.....

Here's a sample log file so you see what I'm talking about, no idea who this person is:

Successful Network Logon:
       User Name:      
       Logon ID:            (0x0,0x28F9AD)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      USER-JP1V2JY0AS
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:
       Source Port:      0

Now my question is... I'm secured behind my router using 128-bit encryption so I highly doubt all these people are hacking in.  Is it possible that neighborhood users are registering or hitting my 802.11 b/g router, thus creating log data?  The IP's are from different domains too, there are some from my ISP, but not all.  I now issue 10 DHCP address's, but I was getting the same messages when my network clients were connecting with static IP's and DHCP being disabled.  This is kind of freightning, any suggestions on what to do here?
Question by:yoyz
LVL 12

Accepted Solution

aindelicato earned 84 total points
ID: 10647016
More than likely, these other users are on your same DSL or CABLE system and there machine are "scanning" the network for shares.  Ever open Network Neighborhood, it then searches the LAN for other computers.  This also happens across the WAN and your router is seeing all that traffic, but not passing it to your computers.  I'm sure you are safe.

LVL 18

Assisted Solution

chicagoan earned 83 total points
ID: 10648350
I'd say this is a problem, you say you're behind a router but this is a global address directly accessing your machine.
The only way to do that would be directly connect, reverse nat or DMZ'ing your machine.

> I now issue 10 DHCP address's
you mean you have 10 public addresses?

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 83 total points
ID: 10648617
Windows and it's anonymous connections... windows gives up so much information anonymously... download winfo.exe and you'll get a list of usernames account lockout policies, password expriation dates etc.... your registry can be read anonymously, or even if you try to coonect to your pc as Guest which is locked out by default, nonetheless, windows will let you view the registry.

Turn off Remote Registry service- and messenger service.

You have wireless... you need to get more secure with it... anyone with a laptop and wireless card driving by could see your network with ease... I assume you've got WEP turned on... but that wonn't keep people of, you need a MAC Address Access List or an Ip acl. Each wireless router has different ways of doing this.. please search for your brand or modle, and "mac address acl" or "mac address access list" etc...

Your Cable or DSL modem (even dialup) are also sources for scann's. Most scanners use null sessions, or the current user's credintials... that is why you see connections from different domain's and people's names.
Try these two tools out on your network and see how much info can be gathered:

To keep people off your systems- get a firewall, ZoneAlarm is a great product, the free version will keep even the elite at bay. Also look into setting up proper ACL's for your wireless router, only allow "trusted MAC address" the mac address's that belong to your PC's. To get your mac address, type on the CMD line- "ipconfig -all" (no quotes). Or it can usually be read on the Pci NIC in your PC's. Disabling anonymous connections with the windows registry doesn't work as well as it should, but to do that read this:

Turn off the remote registry service for certain, go to and scann your computer with the Shields Up test... and look at the tools he has there

Read about how to secure your model or manufactureers wireless router... and be afraid- rather paranoid with wireless... read to see the latest and greatest in wireless insecrutiy.

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
On-premise Digitally Signed/Encrypted Secure E-mail Solutions 1 51
Network Security Solution 7 59
Help with preventing downloading a zip file 10 45
Using GMail for Scanning 5 32
OnPage: Incident management and secure messaging on your smartphone
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question