Intrusion Attempt?!?!?!?!

[blubomber]

I am using Microsoft ISA server 2000 at my work for our firewall and Proxy server.

I have an Audit enabled on the server for logon events that failed or are successfull. I was checking the event logs today under the security tab and found many failed attemps. Starting around 12:20PM and continuing with 2 Failure Audits every second to 12:27PM. So i am rulling out a user on my network. Plus, it is showing that it is the Administrator trying to login. When i look at the event details, the domain shows as D1MCSW31 and the workstation is the same. D1MCSW31 is not our domain.

My firewall did not pickup anything unusual so i am not sure if it was an attack from the outside or not. Can anyone help me out here. I still have to go through my logs to see if anything is there.

Thank you for any advice and guidance.

[ArcticFox]

What ports were the attacks using?

And why are you using an ISA server when PCI is out?

[blubomber]

ArcticFox,

This has to do with the other post i have on Port 445. After doing some packet sniffing, i found that the workstation name and others were trying to connect via port 445.

What is PCI??

[ArcticFox]

Quote:

Originally posted by blubomber
What is PCI??

It's a joke. ISA was the slot that came before PCI invaded motherboards. It offered some like 2MB or whatever per second, and we are way past that right now.

[blubomber]

Sorry, i totaly missed that. Good one.