Security

General discussion

Gravatar
Locked

Who is tring to get into my computer

By dgoold ·
I have several NT computers in my department that logon to NT Domain and Novell servers. I have changed Administrator account name and I?m auditing logons. I noticed that I was getting a lot of logon failures from computers. I contacted IS department about this and they told me that they were computers that had viruses and needed to be shut down cleaned of virus. I then noticed that they are trying to logon to the actual name I changed the administrator account to; this account has never been used to access the computer over network and was only know to me. Some of these computers are computers located over routed network overseas and do not show up in network neighborhood. My questions are 1. Could these be virus that can be getting actual user accounts names? 2. Can this possibly be some normal Nt service? 3. Is it possible that this could be unintentional computer user or someone intentionally trying to hack into computer and would this most likely be the person who uses computer or has their computer been hacked into and used. If this intentional I am going after them but my concerns need to be valid. This is not one or two times but, forty or sixty a week from four or five computers.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by Robbi_IA In reply to Who is tring to get into ...

I guess the first thing I need to know is that you have antivirus on all of your machines and that it is updated regularly (at least once a week, recommended you do it more often). If you have a trojan or logger running on your network, an updated antivirus scan should pick it up.

Do you have firewalls at your locations?

I doubt you're dealing with a normal NT operation.

gravatar
Collapse -

by louis0015 In reply to Who is tring to get into ...

It sounds like whatever is attempting access your computer is reading the SID for the local admin account. You may want to disable the remote registry service on your computer (XP) or modify the advanced permissions on your W2K workstation to remove the permission for remote registry access, then rename the admin account again. Or you can download the Microsoft Baseline Security Analyzer from Microsoft to scan you local workstation and ensure that you patch all of the vulnerabilities listed. If you have admin access to the other workstations that attempting to get into your workstation, you can use the MBSA to scan them.

Also, you may want to net send to the offending computers and have them call you, so you can make sure that they are properly patched and AV scanned, or remotely scan them from your workstation.

if there is anything else, please post...

Back to Security Forum
2 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums