sglee
asked on
BEUSER
Hi,
I have a Windows 2008 server (domain joined). As you can see in the events listed below, an unknown user account 'beuser' has successfully logged in to the Terminal server from IP address Network Address: 85.31.101.229 using Port# 50227 with Workstation Name "ШУРА-ПК".
Clearly this user name BEUSER does not exist in Active Directory. When I run IP Trace, it says: Continent: Europe (EU) Country: Latvia and we don't have any computer user living outside the US.
How is it possible for anyone to log in with this user account?
Is port# 50227 designed to accept BEUSER?
I have a Linksys router that does NAT and port forwarding and I run Backup Exec software on the Domain Controller.
Can you help?
--------------------------
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: Domain_Name\BEUser
Account Name: BEUser
Account Domain: NHECO
Logon ID: 0x147e7e
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ШУРА-ПК
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128
--------------------------
Network Information:
Network Address: 85.31.101.229
Port: 50227
--------------------------
ASKER
Can I block access from IP address 85.31.101.229 and shut down port number 50227?
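
The logon event quoted in the question can be triaged with a short script; this is an added example, not part of the original thread. It parses the event text by section and flags a network logon (type 3) over NTLM from a public source address. The `known_workstations` parameter is a hypothetical inventory of your own machine names, and the sample text is constructed from the field lines quoted above.

```python
import ipaddress

# Constructed sample: field lines taken from the event quoted in the question.
SAMPLE_EVENT = """An account was successfully logged on.
Subject:
Account Name: -
Logon Type: 3
New Logon:
Account Name: BEUser
Network Information:
Workstation Name: ШУРА-ПК
Source Network Address: -
Detailed Authentication Information:
Authentication Package: NTLM
Network Information:
Network Address: 85.31.101.229
"""

def parse_event(text):
    """Return (section, key, value) tuples; a line ending in ':' opens a section."""
    section, fields = "", []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # free text such as the event title
        if value.strip():
            fields.append((section, key.strip(), value.strip()))
        else:
            section = key.strip()
    return fields

def first(fields, key, section=None):
    """First value for key that is not the '-' placeholder, optionally per section."""
    for sec, k, v in fields:
        if k == key and v != "-" and section in (None, sec):
            return v
    return None

def triage(text, known_workstations=frozenset()):
    # known_workstations is a hypothetical inventory supplied by the caller.
    f = parse_event(text)
    src = first(f, "Source Network Address") or first(f, "Network Address")
    host = first(f, "Workstation Name")
    checks = {
        "network-logon": first(f, "Logon Type") == "3",  # type 3 = network logon
        "ntlm": first(f, "Authentication Package") == "NTLM",
        "public-source": bool(src) and ipaddress.ip_address(src).is_global,
        "unknown-workstation": bool(host) and host not in known_workstations,
    }
    return {"account": first(f, "Account Name", "New Logon"), "source": src,
            "flags": [name for name, hit in checks.items() if hit]}
```

Calling `triage(SAMPLE_EVENT)` returns the New Logon account, the source address, and the list of flags that fired.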