I'd be guessing its someone who has dialed up and is trying to login. They got the number, login id and password, but now with their PC connected, this leaves a trace of themselves in the network neighborhood.
your dial-in software should be able to log who dials in when and match it to the event log entries. -----Original Message----- From: Harish Gondavale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 2:17 AM To: [EMAIL PROTECTED] Subject: NT Domain - unsucessful login attepmts Hi, We have got a NT domain which is used as a resource domain. Recently we found that there are few unsucessful attempts tried with some strange domain name and user id. (from security eveent logs) My question is 1. Is there any way to identify these machines - form where it was tried ? 2. Is there any way to monitor these servers and alert generated if any unsucessful attaepmt? ( I know we can implement IDS and acieve this. But any special tool for NT other than IDS. Also if IDS is the only solution then which is the best IDS)? Thanks in advance for help. Bye. Harish __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com