Unauthorised attempts to logon to network

Hi
I have noticed this morning many many attempts to log onto our network from outside with made-up random user names - Lots of failure audits in the security Log.
I guess this will be someone trying to access our network but cannot shut down access as we have remote and home workers using RWW.
Is there any way i can identify the IP address so I can block it on the firewall?
Many thanks
LVL 3
DaveA66Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DaveA66Author Commented:
Sorry, below is a typica entry in the Security Log


Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info2
       Domain:            ipofficeltd
       Logon Type:      8
       Logon Process:      IIS    
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      SERVER
       Caller User Name:      SERVER$
       Caller Domain:      ipofficeltd
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1640
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

0
svgnmlCommented:
Since the logon process is IIS then the IP address should be in the IIS log usually located in
C:\WINDOWS\system32\LogFiles\

You'll have more than one IIS log directory on SBS2003 named W3SVC1, W3SVC2, etc
Match the time stamp in the log with the time of the event in the security log.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DaveA66Author Commented:
yes found it.
Someone trying to access our FTP server.
Many thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.