What kind of firewall do you have? I would start by nailing it down. Do you have account lockout policies set? x number of bad login = attempts =3D account locked out. I would also lookup the ip addresses on Arin and see where they are = coming from and maybe send an email to those ISP reporting the attempts = to break into your system. Greg -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Jan Broucinek Sent: Wednesday, February 25, 2004 10:08 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT - HELP I need help! I've missed a security step somewhere in my network config. I'm seeing event log entries similar to the following: ANONYMOUS LOGON Login Failure... All are coming from IP addresses and Domain/Workstation names that I don't recognize. And I have someone from the outside world pounding the network with some user accounts that thankfully are disabled, but apparently they are randomly trying passwords via a generator. They are even hitting accounts that are system services. I'm not even sure where to begin... Thanks, Jan ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm