Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 838
  • Last Modified:

Windows XP Mass login attempts

We have several Windows XP laptops on the network that are not part of the domain. Windows XP seems to automatically attempt to login to ALL other machines on the network. What can be done to prevent windows XP from Broadcasting this mass login attempt when it boots up ?
0
dwpauleagle
Asked:
dwpauleagle
1 Solution
 
mikeleebrlaCommented:
can you elaberate on what makes you think it's "automatically attempt to login to ALL other machines on the network" If the computer isn't in the domain it should just be logging in with a local account IE no network login at all.
0
 
Rich RumbleSecurity SamuraiCommented:
Also you may need to scan for viri on this PC as there have been some recent viri that attempt to make login's to peoples PC's...
-rich
0
 
dwpauleagleAuthor Commented:
Any XP machine fresh install will attempt to login to all shared PC on the network and register a failed login attempt in the Event log.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Rich RumbleSecurity SamuraiCommented:
Doesn't mean a virus isn't getting on them immediatly- What you can do is install ZoneAlarm on a new machine, before joining it to  the network- and before joining it to a domain. Install XP, do not connect it to the network period. Burn a CD with zonealarm on it, and install ZA. place the network cable in the pc, join it to the network etc... ZA will prompt you when any attempt to access the machine is made, and it will also alert you if a program that is not approved is trying to access the NIC or act as a server. You can use ZA to find out what is causing this on your current machines, and you can use it to protect future machines or brand new machines from infections.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp The free version does this process locking/blocking also.
-rich
0
 
dwpauleagleAuthor Commented:
Not a virus a Machichine that is fully installed and virus  protected do this as well .. i have delt with this issues on many many networks and have never found a way to shut up the XP machines doing this on login.  thy just do it one with their own login . so it is not a brute force attack or  randon name  or admin attempts just attempts to loginto all shares with their own credintials.

this come from all XP machines
=====

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      681
Date:            3/21/2005
Time:            11:06:42 AM
User:            NT AUTHORITY\SYSTEM
Computer:      EAGLE1
Description:
The logon to account: Eric
 by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 from workstation: EBLACHNO
 failed. The error code was: 3221225572
 
======

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            3/21/2005
Time:            11:06:42 AM
User:            NT AUTHORITY\SYSTEM
Computer:      EAGLE1
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Eric
       Domain:            EBLACHNO
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      EBLACHNO

=======
0
 
tmehmetCommented:
is the logon attempts all coming from the same machine and does it always try to use the account eric?

If so, can you tell us more about the source machine, what it is and what its running?

0
 
Rich RumbleSecurity SamuraiCommented:
Ohhh i see- try this
open my conputer, go to tools>folder options> then the View tab. The first entry is "automatcially search for folders and printers..."
uncheck that box... that might be what this extra chatter is...
-rich
0
 
dwpauleagleAuthor Commented:
That did the trick  Thank you.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now