locked
Login/Logout Event Viewer RRS feed

  • Question

  •  

    Hi folks,

     

    Could a few people check in their event view>security and see how many logon/logoff attempts being made. There's loads in mine. One is by ANONYMOUS USER. Any ideas who/what is and should I be worried? Since 9/01/2008 there are 68,000 logs in security, most of which are logon/logoff.

     

    Thanks

    Tuesday, May 6, 2008 3:30 PM

All replies

  • You shouldn't worry too much about successful logon/logoff attempts; those represent the Connector polling the server for availability. ANONYMOUS USER may represent the initial opening of the Remote Access web site, but I'm not where I can check easily.

    You should mostly be concerned with failure audits, particularly those that come from the Internet.
    Tuesday, May 6, 2008 3:59 PM
    Moderator
  •  Ken Warren wrote:
    You shouldn't worry too much about successful logon/logoff attempts; those represent the Connector polling the server for availability. ANONYMOUS USER may represent the initial opening of the Remote Access web site, but I'm not where I can check easily.

    You should mostly be concerned with failure audits, particularly those that come from the Internet.

     

    I am quite amazed at the complete lack of unauthorized probes into my WHS on TCP Port 443. Except for an occasional test that I perform, ie. wrong user ID or password, I see absolutely no probes. That certainly was not the case when I ran a SSH server in the past on the default TCP Port 22. Then it was almost constant activity. I guess the script kiddies are not expecting a home user to be running anything on TCP Port 443 for what that is worth.

    Wednesday, May 7, 2008 2:12 PM
  • Thanks Ken. There aren't any continous failed attempts that might indicate an attack. My passwords are pretty strong but all that means it takes a bit longer to crack and hopefully script kiddies would give up! Might implement account lockout after say 5 tries just to be on the safe side!

     

    Wednesday, May 7, 2008 4:28 PM
  • I see them two or three times a week, Al.
    Wednesday, May 7, 2008 4:32 PM
    Moderator