I am an American working in Beijing and I keep getting this alert in my Computer Management/Security event log — primarily from the same APNIC registered IP address and always from the same domain.
I use a dual boot Acronis OS loader for XP and XP-Nlite. The Nlite OS has no network access, but my normal XP OS is constantly connected to an ADSL link.
I don’t know a lot about this, but is it that someone is getting to my Acronis OS logon screen? Why does it say that the Authentication Package is Acronis and what does that mean?
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: 123.113.134.125
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: ACRONIS_RELOGON_AUTHENTICATION_PACKAGE
Workstation Name: WORKGROU-CGRSBJ
Whoever it is has tried many different user names, like admin, administrator, guest, new, new1, etc., as well as different workgroup names.
Can anyone advise on what I can or should do? Is my firewall leaking? Is Acronis to blame?
Thank you in advance for any help.
Cheers,
Al