My Symantec 300 is logging the fact that access is denied to the admin console because of wrong username or password. It lists the source IP and it's always a valid private address on my LAN! So far I've seen 4 different addresses listed. This all started about 2 weeks ago. WAN side admin is disabled. Remote desktop requires VPN to my RRAS server and it's not logging any VPN connections at these times. Also the repetition of attempts is several per second so it must be program generated.
Any ideas?
Question
0
Votes
LAN side firewall password attack
13th Feb 2008
Answers (2)
0
Votes
Possibly wireless?
Maybe someone is connecting wirelessly.
13th Feb 2008
Replies
But one of the IP addresses belongs to my laptop. It hasn't left the building in months and the wireless connection is disabled.
Maybe a former admin hid a wireless access point!!! But how would he be spoofing IP addresses unless he is remoting into these machines? Sounds like a long shot but I'll lock these machines down tight.
My gut feeling is that some type of malware got inside of my LAN.
lstone@...
13th Feb 2008
0
Votes
Mystery solved
We use Windows Live OneCare and it now probes firewalls/routers to ensure the default password has been changed. Neat idea for typical home users. We will get off of OneCare real soon because it's just too much of a hassle in a business environment. But I do think it is a very good product for home users or very small businesses.
15th Feb 2008