Solved

Critical Errors in Security Log

Posted on 2008-09-29
5
423 Views
Last Modified: 2012-06-21
Hi,

I dont have a machine called Workstation1, so I'm not sure what this is for?

Any ideas?

Logon Failure:
       Reason:      Unknown user name or bad password
       User Name:       
       Domain:       
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      WORKSTATION1
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      92.9.65.68
       Source Port:      0
0
Comment
Question by:Wicked-Websites
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22594741
Hi

This is what I've found:

"Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS."

Do you host a website maybe?
0
 

Author Comment

by:Wicked-Websites
ID: 22626755
Hey,

Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...

also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)

Is there a way to block repeat logon attempts?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22632757
Yeah, there is. You can block the IP from the attempted connection on your firewall.

What type of firewall are you running?
0
 

Accepted Solution

by:
Wicked-Websites earned 0 total points
ID: 22633044
Hi,

I'm running bullguard directly on the server, and then I have a Netgear DG834G Router
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22650578
Hi,

I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?

Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question