RE: Tracing Computers making repeated Logon Requests

Ken Cornetet Wed, 11 Sep 2002 06:44:53 -0700

nbtstat -a workstationname

Gives something like this (note IP address and MAC address):


E:\WINNT>nbtstat -a nts51

\Device\NetBT_Tcpip_{EF089F68-2FA3-4D88-B995-489E72F64BBF}:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection 2:
Node IpAddress: [167.178.70.30] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    NTS51          <00>  UNIQUE      Registered
    KII            <00>  GROUP       Registered
    NTS51          <03>  UNIQUE      Registered
    NTS51          <20>  UNIQUE      Registered
    KIM37          <20>  UNIQUE      Registered
    KIM42          <20>  UNIQUE      Registered
    INet~Services  <1C>  GROUP       Registered
    IS~NTS51.......<00>  UNIQUE      Registered

    MAC Address = 00-A0-C9-EB-03-49

If the MAC address comes back as 0's, you are most likely dealing with a
unix/samba box.

-----Original Message-----
From: Steven A. Christensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 8:22 AM
To: Exchange Discussions
Subject: Re: Tracing Computers making repeated Logon Requests


ping workstationname

----- Original Message ----- 
From: "Charles Carerros" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Wednesday, September 11, 2002 08:19
Subject: OT: Tracing Computers making repeated Logon Requests


Hey all,

This is really off topic, but I am having problems find a solution.  

There are a number of workstations that are repeatedly trying to hack my
admin password on two of my subnets.  I can see when they try their
password attempts and they are using basic Microsoft Authentication.
However the Event Viewer only gives me the workstation name (and the
domain/work group name which is the same as the workstation name).  Does
anyone have any suggestions as to how I could pin down an IP address.  

The nature of these attempts (and timing) could point out that some
student either has been hacked or is purposely running these.  As such,
if I can discern an IP address I can put an end to them.

Thanks,

Chuck

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

RE: Tracing Computers making repeated Logon Requests

Reply via email to