Multiple Logon Failure/Success Audits

WhoC@nItbN0W - 29 Nov 2005 07:23 GMT
Hi:

1.  While trying to login remotely to my XP machine (say XP1), I noticed
multiple 'failure audits' from this machine (XP2).  I did login incorrectly
once and that was a valid entry to be seen in the logs of XP1. However, there
were multiple such entries of which I am clueless about.
Any help is appreciated.
Steven L Umbach - 29 Nov 2005 07:40 GMT
It is not unusual to see multiple logon failures recorded for a single
failed logon attempt and these failures would have the same approximate
timestamp. If you are seeing a lot of logon failures at different times and
days then someone may be trying to access your computer and your best
defense is to use a very strong user password or smart card for any account
that is allowed to access the computer remotely. If you can configure your
firewall to allow remote access attempts only from authorized IP addresses
that can increase security but may not be possible if the users that need
access do not have a static public IP address or roam from place to place.
L2TP can also increase security because it requires that both computer
[first] and user authenticate to the VPN connection ideally with
certificates.   --- Steve

> Hi:
>
[quoted text clipped - 5 lines]
> were multiple such entries of which I am clueless about.
> Any help is appreciated.
WhoC@nItbN0W - 29 Nov 2005 07:59 GMT
While the password, who can access remotely and the like policies are in
place, what bothers me is that for a single bad logon, tens of entries are
made in approximately a second or two.
While brute force is a possibility here, all the log entries point to the
machine XP2, where I was sitting and trying to login remotely. Hence, this
possibility can be disregarded (there were no tools running during this time
on XP2 - made sure of that).
And wow! I didn't know I could type my password so many times in a second!!:)

Jokes apart, any further ideas are appreciated.

Thanks

> It is not unusual to see multiple logon failures recorded for a single
> failed logon attempt and these failures would have the same approximate
[quoted text clipped - 18 lines]
> > were multiple such entries of which I am clueless about.
> > Any help is appreciated.
Steven L Umbach - 29 Nov 2005 19:20 GMT
That is known behavior in Windows and in part the number of entries depends
on the number of authentication methods that are allowed as shown in the
security option for LAN Manager authentication level in Local Security
Policy [assuming XP Pro] where you may want to configure it to send NTLMv2
response only for all your computers if you do not have a need to use file
and print sharing ever with W9X computers. Also this is a reason Microsoft
suggests for those using account lockout to use an account lockout threshold
of no less than ten bad attempts.   --- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/576.mspx
--- LAN Manager authentication level

> While the password, who can access remotely and the like policies are in
> place, what bothers me is that for a single bad logon, tens of entries are
[quoted text clipped - 39 lines]
>> > were multiple such entries of which I am clueless about.
>> > Any help is appreciated.
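
The distinction drawn in the replies above (one bad logon producing a burst of failure audits with about the same timestamp, versus failures recurring at different times and days) can be checked mechanically. This is an added example, not part of the original thread: the input format, the host name HOST-A, the 2-second gap and the `min_attempts` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real log data: one line per failure audit,
# "date time source-workstation". XP2 is the thread's client; HOST-A is made up.
SAMPLE = """\
2005-11-29 07:20:01 XP2
2005-11-29 07:20:01 XP2
2005-11-29 07:20:02 XP2
2005-11-29 07:20:02 XP2
2005-11-27 02:14:10 HOST-A
2005-11-27 02:14:11 HOST-A
2005-11-27 09:41:33 HOST-A
2005-11-28 22:17:05 HOST-A
"""

def parse(text):
    """Yield (timestamp, source) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            day, clock, source = line.split()
            yield datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S"), source

def collapse_bursts(events, gap=timedelta(seconds=2)):
    """Per source, start a new burst when the previous failure is older than gap."""
    by_source = defaultdict(list)
    for ts, source in sorted(events):
        bursts = by_source[source]
        if bursts and ts - bursts[-1][-1] <= gap:
            bursts[-1].append(ts)   # same failed logon, another audit entry
        else:
            bursts.append([ts])     # a separate logon attempt
    return dict(by_source)

def summarize(text, min_attempts=3):
    """Count raw entries vs. distinct attempts; flag attempts spread over days."""
    report = {}
    for source, bursts in collapse_bursts(parse(text)).items():
        days = {burst[0].date() for burst in bursts}
        report[source] = {
            "entries": sum(len(burst) for burst in bursts),
            "attempts": len(bursts),
            "days": len(days),
            "review": len(bursts) >= min_attempts and len(days) > 1,
        }
    return report

if __name__ == "__main__":
    for source, row in summarize(SAMPLE).items():
        print(source, row)
```

Counting bursts rather than raw entries is also the reason a lockout threshold compared against raw failure entries needs headroom, as the last reply notes.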
 