  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 571

sec audit failures

I'm rather amateur when it comes to security.
Can anyone tell me what this log means?
Logon Failure:
  Reason: Unknown user name or bad password
  User Name: admins
  Domain: YOUR-NQLT98LCOR
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name: YOUR-NQLT98LCOR
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: 222.152.93.55
  Source Port: 0

What I've got is a win2k3 server. It uses NAT with no firewall. This log showed up Sunday just gone between 12am and 1am in 5 sec intervals. I thought it was rather random. Then last night it showed up from 11:45pm until 1:40am in 10 sec intervals. Looking at the logs I can see lots of different combinations of the word administrator, i.e. administra, administrador etc.
I have a dynamic external IP address which changes every other day.
I notice there is no source port at all, and I don't know if this is my own external IP that's getting reported. I have ports
4662 tcp, 12827 udp
6881 - 6889
and L2TP

I'm not sure if this is something on my network or something external. In all the logs the computer name is the same, I don't have a computer with that name on the network.
Asked:
dj_relentless
1 Solution
 
rindi Commented:
It looks like someone from outside tried to log on to your system by trying different versions of usernames/passwords. Turn off file and printer sharing on the NIC to the WAN, and also disable NetBIOS over TCP/IP in the WINS tab of the advanced TCP/IP settings. This should make your server more difficult to be seen from the internet.
 
dj_relentless (Author) Commented:
Thanks, I didn't even think about the configuration of the external interface.
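
An added example, not part of the original thread: one way to check whether failures like the one in the question come from outside the network and whether they look like username guessing. It assumes the Security log has been exported as text in the layout shown in the question; the sample entries, the RFC 1918 "internal" test and the `min_names` threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.M)

def make_entry(user, logon_type, addr):
    """Build one constructed entry in the layout shown in the question."""
    return ("Logon Failure:\n"
            "  Reason: Unknown user name or bad password\n"
            f"  User Name: {user}\n"
            f"  Logon Type: {logon_type}\n"
            f"  Source Network Address: {addr}\n\n")

# Constructed sample: 203.0.113.7 is a documentation address (RFC 5737),
# 192.168.1.20 stands in for a LAN host. Neither comes from the original log.
SAMPLE = "".join(make_entry(u, t, a) for u, t, a in [
    ("admins", 3, "203.0.113.7"), ("administra", 3, "203.0.113.7"),
    ("administrador", 3, "203.0.113.7"), ("Administrator", 3, "203.0.113.7"),
    ("jsmith", 3, "192.168.1.20"), ("jsmith", 2, "192.168.1.20"),
])

def parse_failures(text):
    """Split exported text into one dict of 'Field: value' pairs per entry."""
    return [{k.strip(): v.strip() for k, v in FIELD.findall(block)}
            for block in text.split("Logon Failure:")[1:]]

def summarize(events, min_names=3):
    """Group network-logon failures by source and flag username guessing."""
    names = defaultdict(set)
    for e in events:
        if e.get("Logon Type") == "3":  # type 3 = logon over the network
            src = e.get("Source Network Address", "-")
            names[src].add(e.get("User Name", "").lower())
    report = {}
    for addr, tried in names.items():
        try:
            ip = ipaddress.ip_address(addr)
            origin = "internal" if any(ip in n for n in RFC1918) else "external"
        except ValueError:  # "-" or an empty field
            origin = "unknown"
        report[addr] = {"origin": origin, "names": sorted(tried),
                        "guessing": len(tried) >= min_names}
    return report

if __name__ == "__main__":
    for addr, info in summarize(parse_failures(SAMPLE)).items():
        print(addr, info)
```

A source marked external with many distinct user names tried matches the pattern described in the answer above; a single failure from an internal address is more likely a mistyped password.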