See there. No reason to be afraid of a network trace. :o) Its all good in the hood.
Very seriously, the more you play with network traces and looking at them, the more you can identify as weird, strange, unusual, not correct, etc. It really is a very good skill to work on and keep. There are so many things that pop up as obvious when you look at the traces. There are lots of things that aren't obvious too like most of the RPC stuff or encrypted stuff but hey, don't let some failures stop you completely. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Depp Sent: Wednesday, March 23, 2005 1:11 PM To: [email protected] Subject: Re: [ActiveDir] Computer Accounts logging onto servers I wanted to thank you for the replies. I was nervous about getting a netmon trace and trying to read it. As it turns out, when I looked at the netmon trace, I discovered these two machines were looking for an SMS distribution point that used to be on this machine. I pushed a new SMS client out to the two offending machines and all is well. Thanks again. Denny On Mon, 28 Feb 2005 09:06:41 +0100, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > just to clarify the "machine" part for Dennis: this means that some > process is either running as "Local System" or "NT > AUTHORITY\NetworkService" - this would typically be some service > installed on the machine. It is then able to leverage the > machine-account's credentials from AD to connect to resources in the > network, such as to a share of your application server. > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, February 27, 2005 8:05 PM > To: [email protected] > Subject: RE: [ActiveDir] Computer Accounts logging onto servers > > That simply means a machine attached to the server across the network. > It could be anything, best thing would be to go to those machines and > try to see what they are doing or set up a network sniffer and watch > the traffic coming in from them. > > In summary, could be a virus or a worm, could be something else. > > joe > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Depp > Sent: Sunday, February 27, 2005 1:40 PM > To: [email protected] > Subject: [ActiveDir] Computer Accounts logging onto servers > > I have a Sys admin who is seeing two computer accounts logging on to > one of her applications servers. The computer account logs on with a > logon type 3 and then logs off. This admin is thinking something > nefarious is going on, while I do not. Does anyone know what might be > causing the computer accounts to logon to an application server? > > Thanks > > Dennis > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
