LAN side firewall password attack

By lstone ·
My Symantec 300 is logging the fact that access is denied to the admin console because of wrong username or password. It lists the source IP and its always a valid private address on my LAN! So far I've seen 4 different addresses listed. This all started about 2 weeks ago. WAN side admin is disabled. Remote desktop requires VPN to my RRAS server and its not logging any VPN connections at these times. Also the repetition of attempts is several per second so it must be program generated.

Any ideas?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Possibly wireless?

by Mr.Wiz In reply to LAN side firewall passwor ...

maybe someone is connecting wirelessly.

Collapse -

always possible

by lstone In reply to Possibly wireless?

But one of the IP addresses belongs to my laptop. It hasn't left the building in months and the wireless connection is disabled.

Maybe a former admin hide a wireless access point!!! But how would he be spoofing IP addresses unless he is remoting into these machines? Sounds like a long shot but I'll lock these machines down tight.

My gut feeling is that some type of malware got inside of my LAN.

Collapse -

Mystery solved

by lstone In reply to LAN side firewall passwor ...

We use Windows Live OneCare and it now probes firewalls/routers to insure the default password has been changed. Net idea for typical home users. We will get off of OneCare real soon because its just too much of a hassle in a business environment. But I do think it is a very good product for home users or very small businesses.

Back to Networks Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums