Critical Errors in Security Log
Hi,
I dont have a machine called Workstation1, so I'm not sure what this is for?
Any ideas?
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: WORKSTATION1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 92.9.65.68
Source Port: 0
I dont have a machine called Workstation1, so I'm not sure what this is for?
Any ideas?
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: WORKSTATION1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 92.9.65.68
Source Port: 0
ASKER
Hey,
Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...
also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)
Is there a way to block repeat logon attempts?
Nope not hosting a website, but I think it is from people trying to gain access in the server, because I had over 2000 attempts to logon with administrator...
also someone tried JEFF nearly 1000 times too, and there is no-one called jeff work there :)
Is there a way to block repeat logon attempts?
Yeah, there is. You can block the IP from the attempted connection on your firewall.
What type of firewall are you running?
What type of firewall are you running?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?
Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
I can't seem to find any information on your products on how to block external IP's. Do you still have the original documentation?
Bullguard says that it automatically blocks intruder attempts, but it does not seem the case...
This is what I've found:
"Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS."
Do you host a website maybe?