For the last few months I have had this strange problem at my place. Our security expert can't explain it either. It's bothering me, so I was hoping maybe someone else may have some ideas.
Problem:
On a few of my machines I started logging login failures. Servers and my personal PCs to be exact. Thought it would be a good practice to get started.
I used to see nothing in these logs most of the time. Occasionally I would see one of my own typing blunders maybe.
Then for some reason over the last few months I see more and more failed attempts at each of these PCs by a few machines on our network. 3 PCs to be exact. These machines are in different offices and the security expert says that those machines belong to regular users, not hackers by any means.
The logs always say bad username or password
account: Administrator
I see that today alone there were over 25 failed attempts at the box I am writing this from!
It seems to be getting worse, more attempts from the same 3 machines, that is.
I also see these same machines sending ICMP requests to my PCs with my firewall software.
Anybody have any idea what the hell this might be?
There is no reason that these machines should be anywhere near my network.
I just don't get it!
David Ball CNE, MCSE