Posted by CCI Helpdesk on September 6, 2007, 1:02 pm
JWG,
Yes, we have UltraVNC installed.
CCI
"jwgoerlich@gmail.com" wrote:
> That is strange. Is Vnc installed on this Citrix server, by chance?
>
> J Wolfgang Goerlich
>
> On Sep 6, 11:20 am, CCI Helpdesk
> > Roger,
> >
> > Thanks - this is a Citrix Server - we do not have an account "isdiua" in our
> > domain by that name.
> >
> > Unless it is some acronym for a Microsoft service?
> >
> > It is like we are "hit" with that login as an initial login attempt for a
> > non-account then attempting to use our Helpdesk account to login. After that
> > the next entry shows the Helpdesk account has been locked out. It looks like
> > we are being probed with some password attack agent - is there a way to
> > detect that?
> >
> > We are trying to figure out how the "vermin" are attempting to use the
> > single logon NTLM authentication to gain access.
> >
> > Thanks
> > CCI Helpdesk
> >
> >
> >
> > "CCI Helpdesk" wrote:
> > > Folks,
> >
> > > We are seeing this entry in the Security log of our event viewer on one of
> > > our servers.
> >
> > > It is usually followed by a failed attempt to login with a standard user
> > > account.
> > > The account usually gets "locked out"
> >
> > > This is what we see prior to the "lock out"
> >
> > > Logon Failure:
> > > Reason: Unknown user name or bad password
> > > User Name: isdiua
> > > Domain: CCI-USA
> > > Logon Type: 3
> > > Logon Process: NtLmSsp
> > > Authentication Package: NTLM
> >
> > > Has anyone seen this before? Is someone piggybacking on someone's login to the
> > > network from a remote computer?
> >
> > > Please advise.
> >
> > > CCI Helpdesk.
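The sequence described in the thread (a network NTLM logon failure for a name that is not a domain account, followed shortly by failures for a real account) can be searched for in exported Security log entries. The following is an added example, not code from any poster in the thread; the timestamp line on each entry, `KNOWN_ACCOUNTS`, `WINDOW` and the sample entries are assumptions.

```python
from datetime import datetime, timedelta

KNOWN_ACCOUNTS = {"helpdesk"}        # assumption: account names exported from the domain
WINDOW = timedelta(seconds=60)       # assumption: tune to your environment

def _block(ts, user):                # builds one constructed log entry
    return (f"{ts}\nLogon Failure:\nReason: Unknown user name or bad password\n"
            f"User Name: {user}\nDomain: CCI-USA\nLogon Type: 3\n"
            "Logon Process: NtLmSsp\nAuthentication Package: NTLM\n")

# Constructed sample: timestamps and the Helpdesk entries are invented;
# the field names and the "isdiua" entry follow the event quoted in the thread.
SAMPLE = "\n".join([_block("2007-09-06 11:02:10", "isdiua"),
                    _block("2007-09-06 11:02:11", "Helpdesk"),
                    _block("2007-09-06 11:02:12", "Helpdesk"),
                    _block("2007-09-06 14:30:00", "Helpdesk")])

def parse(text):
    """Yield one dict per 'Logon Failure:' entry; the first line is the timestamp."""
    for chunk in text.strip().split("\n\n"):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if len(lines) < 2 or lines[1] != "Logon Failure:":
            continue
        rec = {k.strip(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[2:] if ":" in l)}
        rec["time"] = datetime.strptime(lines[0], "%Y-%m-%d %H:%M:%S")
        yield rec

def find_probe_sequences(records):
    """Flag a network NTLM failure for an unknown name that is followed,
    within WINDOW, by failures for a known account."""
    recs = sorted((r for r in records
                   if r.get("Logon Type") == "3"
                   and r.get("Authentication Package") == "NTLM"),
                  key=lambda r: r["time"])
    hits = []
    for i, first in enumerate(recs):
        if first["User Name"].lower() in KNOWN_ACCOUNTS:
            continue                 # only unknown names start a sequence
        followers = [r for r in recs[i + 1:]
                     if r["time"] - first["time"] <= WINDOW
                     and r["User Name"].lower() in KNOWN_ACCOUNTS]
        if followers:
            hits.append({"unknown": first["User Name"], "start": first["time"],
                         "targets": sorted({r["User Name"] for r in followers}),
                         "failures": len(followers)})
    return hits

if __name__ == "__main__":
    print(find_probe_sequences(parse(SAMPLE)))
```

Each hit is a starting point for review, not a verdict: it shows which real account failed right after the unknown name and how many times inside the window.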