Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Critical Errors in Security Log

Posted on 2008-09-29
5
422 Views
Last Modified: 2012-06-21
Hi,

I dont have a machine called Workstation1, so I'm not sure what this is for?

Any ideas?

Logon Failure:
       Reason:      Unknown user name or bad password
       User Name:       
       Domain:       
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      WORKSTATION1
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      92.9.65.68
       Source Port:      0
0
Comment
Question by:Wicked-Websites
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22594741
Hi

This is what I've found:

"Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS."

Do you host a website maybe?
0
 

Author Comment

by:Wicked-Websites
ID: 22626755
Hey,

Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...

also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)

Is there a way to block repeat logon attempts?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22632757
Yeah, there is. You can block the IP from the attempted connection on your firewall.

What type of firewall are you running?
0
 

Accepted Solution

by:
Wicked-Websites earned 0 total points
ID: 22633044
Hi,

I'm running bullguard directly on the server, and then I have a Netgear DG834G Router
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22650578
Hi,

I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?

Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question