I have an attempted hacker (I think) who is trying to log on to one of my client’s servers. Here’s the log:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: *************
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: administrator
Caller User Name: –
Caller Domain: –
Caller Logon ID: –
Caller Process ID: –
Transited Services: –
Source Network Address: –
Source Port: –
For more information, see Help and Support Center at
—————————–
There is no machine called ‘administrator’ on their network and it happens about 5-6 times a day at random times.
The server is an SBS 2003 running ISA 2000.
Since I’m not an ISA guru, is there any reporting or ways of tracking an IP address (since the event log does not? Any ideas?
