One of our Server 2003 boxes keeps sending failed Kerberos authentications to our primary domain controller. The primary domain controller's security log is corrupt (is this a coincidence?).
I'm running Wireshark now on the primary domain controller and can see all the failed attempts. I am pretty sure the username that keeps failing doesn't even exist.
I'm going to run Wireshark on the server that is doing the attacks. I cannot turn off this server nor disconnect it because it is running our defect software that at any given time 30-80 people might be using.
What would you guys recommend I do to remedy this situation? What other tools can I use?
Thank you so much