sec audit failures

I'm rather amature when it comes to security
Can anyone tell me what this log means
Logon Failure:
  Reason: Unknown user name or bad password
  User Name: admins
  Domain: YOUR-NQLT98LCOR
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name: YOUR-NQLT98LCOR
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: 222.152.93.55
  Source Port: 0

What I've got is a win2k3 server. It uses NAT with no firewall.  This log showed up sunday just gone between 12am and 1am in 5 sec intervals. I thought it was rather random. Then last night it showed up from 11:45pm until 1:40am 10 sec intervals. Looking at the logs I can see lots of different combinations of the word administrator ie administra, administrador etc etc.
I have a dynamic external ip address which changes every other day.
I notice there is no source port at all, and I don't know if this is my own external ip thats getting reported. I have ports
4662tcp , 12827 udp
6881 - 6889
and L2TP

I'm not sure if this is something on my network or something external. In all the logs the computer name is the same, I don't have a computer with that name on the network.
LVL 4
dj_relentlessAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rindiCommented:
It looks like someone from outside tried to logon to your system by trying different versions of usernames/passwords. turn off file and printer sharing on the NIC to the wan, also disable NetBIOS over tcp/ip in the wins tab of the advanced tcp/ip settings. This should make your server more difficult to be seen from the internet.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dj_relentlessAuthor Commented:
thanks, i didn't event think about the configuration of the external interface
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.