Overloaded Security Log


Recommended Posts

When I tried loggin in a few mornings ago it said that I couldnt because the security log (or one of those) was too large. So I had to log in wiht the admin account and get rid of some of the older entries. I noticed in the midst of this that there was about 200 anonymous logon attempts between the hours of 2am and 5am.

The computer was off at that point.

I use remote desktop to the other computer on the network to access the internet.

Any idea WTF happened?

I checked the logs on the other computer and nada...there wasnt a thing.

Both are running winXP Pro and theyre networked with a fairly new linksys switch...

Link to comment
Share on other sites

When I tried loggin in a few mornings ago it said that I couldnt because the security log (or one of those) was too large. So I had to log in wiht the admin account and get rid of some of the older entries. I noticed in the midst of this that there was about 200 anonymous logon attempts between the hours of 2am and 5am.

The computer was off at that point.

I use remote desktop to the other computer on the network to access the internet.

Any idea WTF happened?

I checked the logs on the other computer and nada...there wasnt a thing.

Both are running winXP Pro and theyre networked with a fairly new linksys switch...

You should set the account lockout policy.

Link to comment
Share on other sites

Yea, I have it set so that after 3 failed logon attempts the system locks that account out till the admin resets it or 90min passes

Link to comment
Share on other sites

I noticed in the midst of this that there was about 200 anonymous logon attempts between the hours of 2am and 5am.

The computer was off at that point.

I would have to say NO - if your machine was OFF you could not have anything in the logs. You do know just turning off the monitor does not turn your machine off :) Is the time off on the machine, ie just because the logs say it was 2am, does not mean that was the correct time

Do you have the NIC set for wake on lan or something? What was the attempted access to? A ftp server? A webserver? If ftp is up and running - you will see quite a few anon attempts. Just the script kiddies looking for a place to store their warez :)

Link to comment
Share on other sites

Do you have the NIC set for wake on lan or something?

Yeah, well if they had the wake_on_lan on how did the computer shutdown? Shut_On_lan? :wacko:

Link to comment
Share on other sites

Yeah, well if they had the wake_on_lan on how did the computer shutdown? Shut_On_lan? :wacko:

:huh: Do you even have a clue to what wake on lan is?? I would guess not from you post.

A specific type of packet has to be sent to the MAC address of the NIC on the machine you want to wake up. It just doesn't turn on if there is traffic on the network.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.