Archived from groups: microsoft.public.win2000.security
This started happening recently. My security log is showing repeated failed logon attempts for non-standard Local (not AD) user accounts (i.e. local user accounts I created). These come in batches that happen so fast (about 10 seconds for five logon attempts & lockout) that I am certain it is robotic.
These are all failed logons to VALID Local user accounts and are NOT accompanied by attempts to log on to non-existent accounts as I might expect with a robot that is guessing common user names; the remote user is somehow gaining access to the Local user names.
So far, the passwords have kept the bad guys out, but (setting aside for the moment the issue of which port is being used) my big question is how is it possible for a remote user to read the Local user names?