Unauthorised attempts to logon to network
Hi
I have noticed this morning many many attempts to log onto our network from outside with made-up random user names - Lots of failure audits in the security Log.
I guess this will be someone trying to access our network but cannot shut down access as we have remote and home workers using RWW.
Is there any way i can identify the IP address so I can block it on the firewall?
Many thanks
I have noticed this morning many many attempts to log onto our network from outside with made-up random user names - Lots of failure audits in the security Log.
I guess this will be someone trying to access our network but cannot shut down access as we have remote and home workers using RWW.
Is there any way i can identify the IP address so I can block it on the firewall?
Many thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes found it.
Someone trying to access our FTP server.
Many thanks
Someone trying to access our FTP server.
Many thanks
ASKER
Logon Failure:
Reason: Unknown user name or bad password
User Name: info2
Domain: ipofficeltd
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_P
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: ipofficeltd
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1640
Transited Services: -
Source Network Address: -
Source Port: -