[THIN] Re: Trying to figure out security log settings

  • From: "PETERSON, DAVID" <DPETERSO@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 27 Jan 2005 15:01:43 -0500

I don't think so. I'm only seeing this on our Citrix server, which is
for remote access. The server has a different name inside the network as
well. One showed up as Del Rio Video, but we don't have a client with
that name. Another showed up as ABM_Logistic, with the workstation name
ABMHKRF_FTP, which seems to be a shipper in Hong Kong that doesn't have
a web site I can find.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M
Sent: Thursday, January 27, 2005 2:51 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Trying to figure out security log settings

Someone who set their home machine to their home network, brings machine
in, plugs into your network and tries to sign on with home network
credentials?

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of PETERSON, DAVID
Sent: Thursday, January 27, 2005 1:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Trying to figure out security log settings

I'm seeing odd entries in my security logs. What is showing up are login
attempts to accounts that don't exist and as a domain that isn't ours.

An example is this:
Logon Failure:
Reason: Unknown Username or password
User Name:Christian
Domain:AMITECH
Logon Type 3
Logon Process NtLmSsp
Authentication Package NTLM
Workstation Name: AMITECH

None of the accounts are valid, a few tried to log on as administrator,
but I had already renamed that account and set the password to a 16
character random password. I had also set RestrictAnonymous to 2.

I have problems seeing these as serious hack attempts, but they are
annoying me, and are a bit odd. This is a 2000 SP4 box. I'm current on
Windows security patches.

Should I not worry about these, or is there a way to stop it? I'm also
interested in what causes this, if these may be zombie systems, etc.

Thanks


********************************************************
This Weeks Sponsor: ThinPrint, GmbH
Now available: .print Remote Desktop Printing Engine for Microsoft
Terminal Services
http://www.thinprint.com/dotprint/index.php?sh2&lc=1
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
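
Added example, not part of the thread or written by its participants: a small Python triage script for failure entries pasted in the layout quoted above, counting network (type 3) logon failures per Domain/Workstation pair that does not belong to the local environment. The names `EXAMPLECORP` and `CTXSRV01` are placeholder assumptions for the site's own domain and server, and only the first sample entry comes from the thread; the rest are constructed.

```python
import re
from collections import Counter

# Assumption: NetBIOS names that legitimately appear in the Domain field.
OUR_DOMAINS = {"EXAMPLECORP", "CTXSRV01"}

FIELDS = ("Reason", "User Name", "Domain", "Logon Type", "Logon Process",
          "Authentication Package", "Workstation Name")
FIELD_RE = re.compile(r"^\s*(%s)\s*:?\s*(.*?)\s*$" % "|".join(FIELDS))

def parse_failures(text):
    """One dict per 'Logon Failure:' entry; the colon after a label is optional."""
    events = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if line.strip().startswith("Logon Failure"):
            events.append({})
        elif m and events:
            events[-1][m.group(1)] = m.group(2)
    return events

def foreign_network_failures(events, our_domains=OUR_DOMAINS):
    """Count type 3 (network) failures per (domain, workstation) that is not ours."""
    counts = Counter()
    for e in events:
        domain = e.get("Domain", "")
        if e.get("Logon Type") == "3" and domain.upper() not in our_domains:
            counts[(domain, e.get("Workstation Name", ""))] += 1
    return counts

# Constructed sample: the first entry is the one quoted in the thread, the rest are invented.
SAMPLE = """\
Logon Failure:
Reason: Unknown Username or password
User Name:Christian
Domain:AMITECH
Logon Type 3
Logon Process NtLmSsp
Authentication Package NTLM
Workstation Name: AMITECH
Logon Failure:
User Name: administrator
Domain: AMITECH
Logon Type 3
Workstation Name: AMITECH
Logon Failure:
Domain: EXAMPLECORP
Logon Type 3
"""
```

Calling `foreign_network_failures(parse_failures(SAMPLE))` groups the two AMITECH entries together and leaves out the failure that names the local domain.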
