LAN side firewall password attack

lstone
My Symantec 300 is logging the fact that access is denied to the admin console because of wrong username or password. It lists the source IP and it's always a valid private address on my LAN! So far I've seen 4 different addresses listed. This all started about 2 weeks ago. WAN side admin is disabled. Remote desktop requires VPN to my RRAS server and it's not logging any VPN connections at these times. Also the repetition of attempts is several per second so it must be program-generated.

Any ideas?
  • Mr.Wiz

    Maybe someone is connecting wirelessly.

    lstone

    But one of the IP addresses belongs to my laptop. It hasn't left the building in months and the wireless connection is disabled.

    Maybe a former admin hid a wireless access point!!! But how would he be spoofing IP addresses unless he is remoting into these machines? Sounds like a long shot but I'll lock these machines down tight.

    My gut feeling is that some type of malware got inside of my LAN.

    lstone

    We use Windows Live OneCare and it now probes firewalls/routers to ensure the default password has been changed. Neat idea for typical home users. We will get off of OneCare real soon because it's just too much of a hassle in a business environment. But I do think it is a very good product for home users or very small businesses.
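
An added example, not part of any post in this thread: it groups denied admin-console logins by source address and measures each source's peak attempts per second, so program-generated probing from a LAN host stands apart from a mistyped password. The log line format, the sample lines and the threshold of 3 per second are assumptions; the Symantec 300's actual log layout is not shown on this page.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format (not real Symantec 300 output).
SAMPLE_LOG = """\
2000-01-01 10:15:02.100 admin-console DENIED src=192.168.1.23 reason=bad-credentials
2000-01-01 10:15:02.350 admin-console DENIED src=192.168.1.23 reason=bad-credentials
2000-01-01 10:15:02.600 admin-console DENIED src=192.168.1.23 reason=bad-credentials
2000-01-01 10:15:02.850 admin-console DENIED src=192.168.1.23 reason=bad-credentials
2000-01-01 10:15:03.000 admin-console DENIED src=192.168.1.40 reason=bad-credentials
2000-01-01 10:15:03.400 admin-console DENIED src=192.168.1.40 reason=bad-credentials
2000-01-01 10:15:03.800 admin-console DENIED src=192.168.1.40 reason=bad-credentials
2000-01-01 10:16:10.000 admin-console DENIED src=192.168.1.77 reason=bad-credentials
2000-01-01 10:16:50.000 admin-console DENIED src=192.168.1.77 reason=bad-credentials
"""
LINE_RE = re.compile(r"^(\S+ \S+) admin-console DENIED src=(\S+)")

def parse(log_text):
    """Yield (timestamp, source address) for each denied admin-console login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            yield ts, ipaddress.ip_address(m.group(2))

def peak_rate(times, window=timedelta(seconds=1)):
    """Largest number of events that fall inside any one sliding window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def triage(log_text, threshold=3):
    """Per source: failure count, peak per second, and whether it looks scripted."""
    by_src = defaultdict(list)
    for ts, src in parse(log_text):
        by_src[src].append(ts)
    report = {}
    for src, times in by_src.items():
        peak = peak_rate(times)
        report[str(src)] = {"failures": len(times), "peak_per_sec": peak,
                            "internal": src.is_private,
                            "automated": peak >= threshold}
    return report

if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(src, info)
```

Hosts flagged as both internal and automated are the ones to inspect for locally installed software that probes the firewall's admin login.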