Solved

Critical Errors in Security Log

Posted on 2008-09-29
5
425 Views
Last Modified: 2012-06-21
Hi,

I dont have a machine called Workstation1, so I'm not sure what this is for?

Any ideas?

Logon Failure:
       Reason:      Unknown user name or bad password
       User Name:       
       Domain:       
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      WORKSTATION1
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      92.9.65.68
       Source Port:      0
0
Comment
Question by:Wicked-Websites
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22594741
Hi

This is what I've found:

"Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS."

Do you host a website maybe?
0
 

Author Comment

by:Wicked-Websites
ID: 22626755
Hey,

Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...

also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)

Is there a way to block repeat logon attempts?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22632757
Yeah, there is. You can block the IP from the attempted connection on your firewall.

What type of firewall are you running?
0
 

Accepted Solution

by:
Wicked-Websites earned 0 total points
ID: 22633044
Hi,

I'm running bullguard directly on the server, and then I have a Netgear DG834G Router
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22650578
Hi,

I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?

Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question