Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Critical Errors in Security Log

Posted on 2008-09-29
5
Medium Priority
?
427 Views
Last Modified: 2012-06-21
Hi,

I dont have a machine called Workstation1, so I'm not sure what this is for?

Any ideas?

Logon Failure:
       Reason:      Unknown user name or bad password
       User Name:       
       Domain:       
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      WORKSTATION1
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      92.9.65.68
       Source Port:      0
0
Comment
Question by:Wicked-Websites
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22594741
Hi

This is what I've found:

"Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS."

Do you host a website maybe?
0
 

Author Comment

by:Wicked-Websites
ID: 22626755
Hey,

Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...

also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)

Is there a way to block repeat logon attempts?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22632757
Yeah, there is. You can block the IP from the attempted connection on your firewall.

What type of firewall are you running?
0
 

Accepted Solution

by:
Wicked-Websites earned 0 total points
ID: 22633044
Hi,

I'm running bullguard directly on the server, and then I have a Netgear DG834G Router
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22650578
Hi,

I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?

Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question