[THIN] Re: OT - HELP

• From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 25 Feb 2004 10:12:31 -0500

What kind of firewall do you have? I would start by nailing it down.

Do you have account lockout policies set?  x number of bad login =
attempts =3D account locked out.

I would also lookup the ip addresses on Arin and see where they are =
coming from and maybe send an email to those ISP reporting the attempts =
to break into your system.

Greg

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Jan Broucinek
Sent: Wednesday, February 25, 2004 10:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT - HELP


I need help!

I've missed a security step somewhere in my network config. I'm seeing
event log entries similar to the following:

ANONYMOUS LOGON
Login Failure...

All are coming from IP addresses and Domain/Workstation names that I
don't recognize.

And I have someone from the outside world pounding the network with
some user accounts that thankfully are disabled, but apparently they
are randomly trying passwords via a generator.

They are even hitting accounts that are system services.

I'm not even sure where to begin...

Thanks,
Jan


********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com=20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com 
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] OT - HELP
• » [THIN] Re: OT - HELP
• » [THIN] Re: OT - HELP
• » [THIN] Re: OT - HELP

1. Home
2. thin
3. Archive
4. 02-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---