Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

How can I track this down?

from [Nick Duda] Network Security [Permanent Link]
Subject: How can I track this down?
Date: Thu, 1 Jun 2006 13:21:22 -0400 

I'm getting a ton of these in my Security log on my DC. The logon
account changes every so often, but its always a name that doesn't exist
(as in we don't have a user account called 009096bb65cd) the from
Workstation always says CISCO. I can't find anything in the logs that
point me to an IP address. Running utils like nestat don't do much
because there are already so many normal connections related to it being
a DC. Any ideas?

The logon to account: 009096bb65cd
 by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 from workstation: CISCO
 failed. The error code was: 3221225572


Regards,
Nick


---------------------
Confidentiality note
The information in this email and any attachment may contain confidential and 
proprietary information of
VistaPrint and/or its affiliates and may be privileged or otherwise protected 
from disclosure. If you are
not the intended recipient, you are hereby notified that any review, reliance 
or distribution by others
or forwarding without express permission is strictly prohibited and may cause 
liability. In case you have
received this message due to an error in transmission, please notify the sender 
immediately and to delete
this email and any attachment from your system.
---------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Automating Administrative Template Configuration In AD, Rob McComber
Next by Date:  RE: True Clientless SSLVPN, David Gillett
Previous by Thread:  Automating Administrative Template Configuration In AD, Rob McComber
Next by Thread:  RE: How can I track this down?, Roger A. Grimes
Indexes:  [Date] [Thread] [Top] [All Lists]