Guess I should have put in all the relevant information, I'm not running a firewall (this wasn't my decision so you don't have to tell me how stupid that is) or an ISA server which means this attack can be coming from anywhere. Also, my attempts to ping the workstation name come up with host not found error.
Any other suggestions??? Thanks, Chuck -----Original Message----- From: Steven A. Christensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 8:22 AM To: Exchange Discussions Subject: Re: Tracing Computers making repeated Logon Requests ping workstationname ----- Original Message ----- From: "Charles Carerros" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, September 11, 2002 08:19 Subject: OT: Tracing Computers making repeated Logon Requests Hey all, This is really off topic, but I am having problems find a solution. There are a number of workstations that are repeatedly trying to hack my admin password on two of my subnets. I can see when they try their password attempts and they are using basic Microsoft Authentication. However the Event Viewer only gives me the workstation name (and the domain/work group name which is the same as the workstation name). Does anyone have any suggestions as to how I could pin down an IP address. The nature of these attempts (and timing) could point out that some student either has been hacked or is purposely running these. As such, if I can discern an IP address I can put an end to them. Thanks, Chuck _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
