nbtstat -a workstationname Gives something like this (note IP address and MAC address):
E:\WINNT>nbtstat -a nts51 \Device\NetBT_Tcpip_{EF089F68-2FA3-4D88-B995-489E72F64BBF}: Node IpAddress: [0.0.0.0] Scope Id: [] Host not found. Local Area Connection 2: Node IpAddress: [167.178.70.30] Scope Id: [] NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- NTS51 <00> UNIQUE Registered KII <00> GROUP Registered NTS51 <03> UNIQUE Registered NTS51 <20> UNIQUE Registered KIM37 <20> UNIQUE Registered KIM42 <20> UNIQUE Registered INet~Services <1C> GROUP Registered IS~NTS51.......<00> UNIQUE Registered MAC Address = 00-A0-C9-EB-03-49 If the MAC address comes back as 0's, you are most likely dealing with a unix/samba box. -----Original Message----- From: Steven A. Christensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 8:22 AM To: Exchange Discussions Subject: Re: Tracing Computers making repeated Logon Requests ping workstationname ----- Original Message ----- From: "Charles Carerros" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, September 11, 2002 08:19 Subject: OT: Tracing Computers making repeated Logon Requests Hey all, This is really off topic, but I am having problems find a solution. There are a number of workstations that are repeatedly trying to hack my admin password on two of my subnets. I can see when they try their password attempts and they are using basic Microsoft Authentication. However the Event Viewer only gives me the workstation name (and the domain/work group name which is the same as the workstation name). Does anyone have any suggestions as to how I could pin down an IP address. The nature of these attempts (and timing) could point out that some student either has been hacked or is purposely running these. As such, if I can discern an IP address I can put an end to them. Thanks, Chuck _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]