Need help with ANONYMOUS LOGON's in my Secuirty Log's.  Who are these people?!?

Posted on 2004-03-21
Last Modified: 2012-08-13
I have a wireless connection to a domain and while checking my security log's, I see all these crazy computernames coming up as like, 'John,' 'XP-HOME,' Susan,' etc.....

Here's a sample log file so you see what I'm talking about, no idea who this person is:

Successful Network Logon:
       User Name:      
       Logon ID:            (0x0,0x28F9AD)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      USER-JP1V2JY0AS
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:
       Source Port:      0

Now my question is... I'm secured behind my router using 128-bit encryption so I highly doubt all these people are hacking in.  Is it possible that neighborhood users are registering or hitting my 802.11 b/g router, thus creating log data?  The IP's are from different domains too, there are some from my ISP, but not all.  I now issue 10 DHCP address's, but I was getting the same messages when my network clients were connecting with static IP's and DHCP being disabled.  This is kind of freightning, any suggestions on what to do here?
Question by:yoyz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Accepted Solution

aindelicato earned 84 total points
ID: 10647016
More than likely, these other users are on your same DSL or CABLE system and there machine are "scanning" the network for shares.  Ever open Network Neighborhood, it then searches the LAN for other computers.  This also happens across the WAN and your router is seeing all that traffic, but not passing it to your computers.  I'm sure you are safe.

LVL 18

Assisted Solution

chicagoan earned 83 total points
ID: 10648350
I'd say this is a problem, you say you're behind a router but this is a global address directly accessing your machine.
The only way to do that would be directly connect, reverse nat or DMZ'ing your machine.

> I now issue 10 DHCP address's
you mean you have 10 public addresses?

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 83 total points
ID: 10648617
Windows and it's anonymous connections... windows gives up so much information anonymously... download winfo.exe and you'll get a list of usernames account lockout policies, password expriation dates etc.... your registry can be read anonymously, or even if you try to coonect to your pc as Guest which is locked out by default, nonetheless, windows will let you view the registry.

Turn off Remote Registry service- and messenger service.

You have wireless... you need to get more secure with it... anyone with a laptop and wireless card driving by could see your network with ease... I assume you've got WEP turned on... but that wonn't keep people of, you need a MAC Address Access List or an Ip acl. Each wireless router has different ways of doing this.. please search for your brand or modle, and "mac address acl" or "mac address access list" etc...

Your Cable or DSL modem (even dialup) are also sources for scann's. Most scanners use null sessions, or the current user's credintials... that is why you see connections from different domain's and people's names.
Try these two tools out on your network and see how much info can be gathered:

To keep people off your systems- get a firewall, ZoneAlarm is a great product, the free version will keep even the elite at bay. Also look into setting up proper ACL's for your wireless router, only allow "trusted MAC address" the mac address's that belong to your PC's. To get your mac address, type on the CMD line- "ipconfig -all" (no quotes). Or it can usually be read on the Pci NIC in your PC's. Disabling anonymous connections with the windows registry doesn't work as well as it should, but to do that read this:

Turn off the remote registry service for certain, go to and scann your computer with the Shields Up test... and look at the tools he has there

Read about how to secure your model or manufactureers wireless router... and be afraid- rather paranoid with wireless... read to see the latest and greatest in wireless insecrutiy.

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
A look at what happened in the Verizon cloud breach.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month9 days, 9 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question