IP of machine hacking account?

Someone is trying to hack one of our (formerly) admin accounts in AD on
Server 2003 using a bad password and causing the account to lock and the
event viewer shows the login attempt coming from a machine with a name which
is not on our network.

This has been happening every day at a different time of day and every time
the machine name is different. The only constant is the account being
attacked is the same every time. It would really help if there was a way to
get the IP address and not just the name of the machine. I have looked in
our DNS and DHCP database and found no machines we do not recognize.

Thank you in advance if you have a suggestion for me.

-Bob


.

Relevant Pages

  • Account Lock Outs
    ... Account lock outs are occuring and currently ... there are NO GPs or any account policy set to lock out ... The infrastructure in Win 2000 server with most recent ...
    (microsoft.public.win2000.security)
  • Re: Unexpectedly Quits
    ... Turn off the junk mail filter. ... Log into your account through a web mail interface or using another client ... Try Sending separately from Receiving to see if one or the other is causing ...
    (microsoft.public.mac.office.entourage)
  • Passprop in Windows 2000
    ... Should I use passprop to lock the administrator account ... for remote access attempts on a Windows 2000 server ...
    (microsoft.public.win2000.security)
  • User account lock out
    ... What is the best way to lock out an account on the server while the person ... server access while still giving them access to their computer. ...
    (microsoft.public.win2000.active_directory)
  • Constant User Lockout
    ... I have one particular user who's account gets lock out everytime they log off ... Does anyone have any idea what may be causing this? ...
    (microsoft.public.win2000.active_directory)