Login/Logout Event Viewer

All replies

• 

  

  0

  Sign in to vote

  You shouldn't worry too much about successful logon/logoff attempts; those represent the Connector polling the server for availability. ANONYMOUS USER may represent the initial opening of the Remote Access web site, but I'm not where I can check easily.
  
  You should mostly be concerned with failure audits, particularly those that come from the Internet.
  

  Tuesday, May 6, 2008 3:59 PM

  Moderator
• 

  

  0

  Sign in to vote

  Ken Warren wrote:

  You shouldn't worry too much about successful logon/logoff attempts; those represent the Connector polling the server for availability. ANONYMOUS USER may represent the initial opening of the Remote Access web site, but I'm not where I can check easily. You should mostly be concerned with failure audits, particularly those that come from the Internet.

   

  I am quite amazed at the complete lack of unauthorized probes into my WHS on TCP Port 443. Except for an occasional test that I perform, ie. wrong user ID or password, I see absolutely no probes. That certainly was not the case when I ran a SSH server in the past on the default TCP Port 22. Then it was almost constant activity. I guess the script kiddies are not expecting a home user to be running anything on TCP Port 443 for what that is worth.

  Wednesday, May 7, 2008 2:12 PM
• 

  

  0

  Sign in to vote

  Thanks Ken. There aren't any continous failed attempts that might indicate an attack. My passwords are pretty strong but all that means it takes a bit longer to crack and hopefully script kiddies would give up! Might implement account lockout after say 5 tries just to be on the safe side!

   

  Wednesday, May 7, 2008 4:28 PM
• 

  

  0

  Sign in to vote

  I see them two or three times a week, Al.
  

  Wednesday, May 7, 2008 4:32 PM

  Moderator