Re: Thousands of logon failures in the Security Log
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Thu, 21 Jun 2007 14:47:51 -0700
Robarb wrote:
Every morning, my Security log is full of unsuccessful login attempts
with user names like 'Administrator' and 'Admin' as well as common
names like 'Mike', 'Bob', etc. I realize these are attempts to break
into my system, and some mornings there are over 2000 attempts on
'Administrator' alone.
I have set my account lockout thresholds very low (as has been
described in other TechNet discussions) and I still often wake up to
a security log reporting thousands of "Unknown user name or bad
password" errors. Any ideas why the lockout isn't working? What
should I do? All help is appreciated.
Thanks,
Rob
Lockouts will not stop logging of the attempted login. The logon type and
process name can be used to help determine what method is being used to
attempt access.
If you are able to determine the source (IP) you may be able to block them
and or report them to authorities. Also review any open ports and close any
not absolutely necessary. Some routers/firewalls are able to open ports only
for specific hours of operation.
--
/kj
.
- Prev by Date: Re: Blocking Windows Live Messenger
- Next by Date: Re: Blocking Windows Live Messenger
- Previous by thread: Re: Thousands of logon failures in the Security Log
- Next by thread: Re: Thousands of logon failures in the Security Log
- Index(es):
Relevant Pages
|
