I don't think so. I'm only seeing this on our Citrix server, which is for remote access. The server has a different name inside the network as well. One showed up as Del Rio Video, but we don't have a client with that name. Another showed up as ABM_Logistic, with the workstation name ABMHKRF_FTP, which seems to be a shipper in Hong Kong that doesn't have a web site I can find. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M Sent: Thursday, January 27, 2005 2:51 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Trying to figure out security log settings Someone who set their home machine to their home network, brings machine in, plugs into your network and tries to sign on with home network credentials? -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of PETERSON, DAVID Sent: Thursday, January 27, 2005 1:48 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Trying to figure out security log settings I'm seeing odd entries in my security logs. What is showing up are login attempts to accounts that don't exist and as a domain that isn't ours. An example is this: Logon Failure: Reason: Unknown Username or password User Name:Christian Domain:AMITECH Logon Type 3 Logon Process NtLmSsp Authentication Package NTLM Workstation Name: AMITECH None of the accounts are valid, a few tried to log on as administrator, but I had already renamed that account and set the password to a 16 character random password. I had also set RestrictAnonymous to 2. I have problems seeing these as serious hack attempts, but they are annoying me, and are a bit odd. This is a 2000 SP4 box. I'm current on Windows security patches. Should I not worry about these, or is there a way to stop it? I'm also interested in what causes this, if these may be zombie systems, etc. Thanks NOTICE: This electronic mail transmission from the law firm of Dinsmore & Shohl may constitute an attorney-client communication that is privileged at law. It is not intended for transmission to, or receipt by, any unauthorized persons. If you have received this electronic mail transmission in error, please delete it from your system without copying it, and notify the sender by reply e-mail, so that our address record can be corrected. ******************************************************** This Weeks Sponsor: ThinPrint, GmbH Now available: .print Remote Desktop Printing Engine for Microsoft Terminal Services http://www.thinprint.com/dotprint/index.php?sh2&lc=1 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor: ThinPrint, GmbH Now available: .print Remote Desktop Printing Engine for Microsoft Terminal Services http://www.thinprint.com/dotprint/index.php?s=682&lc=1 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor: ThinPrint, GmbH Now available: .print Remote Desktop Printing Engine for Microsoft Terminal Services http://www.thinprint.com/dotprint/index.php?sh2&lc=1 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm