C
chameleon
In a year and a half since I have been using XP, I have
been using the Internet connection firewall and a Network
Everywhere router from Linksys for protection.
In that time, I have NEVER had a problem when viewing the
security audit in event viewer. It always read "success
audit".
Yesterday, I checked and saw 2 "failure audits" 2 at 7:30
in the evening and 2 again at 9:00.....I have just
checked again now, and saw another attempt at 12:00 noon.
I have attached the events. they are #'d 529 and 680.
They both come one right after another in all 3 attempts.
#680 being first each time.
----------------------------------------------------------
--------------------------
#680
Details
Product: Windows Operating System
ID: 680
Source: Security
Version: 5.2
Symbolic Name: SE_AUDITID_ACCOUNT_LOGON
Message: Logon attempt by: %1
Logon account: %2
Source Workstation: %3
Error Code: %4
Explanation
A program or service attempted to start with the logon
credentials specified in the message, which do not match
the credentials of the current user. This message is
logged for informational purposes only.
User Action
No user action is required.
----------------------------------------------------------
-------------------------
#529
Details
Product: Windows Operating System
ID: 529
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_UNKNOWN_USER_OR_PWD
Message: Logon Failure:
Reason: Unknown user name or bad password
User Name: %1
Domain: %2
Logon Type: %3
Logon Process: %4
Authentication Package: %5
Workstation Name: %6
Explanation
This event record indicates an attempt to log on using an
unknown user account or a valid user account but with an
incorrect password. An unexpected increase in the number
of these audits could represent an attempt by someone to
find user accounts and passwords (such as a "dictionary"
attack, in which a list of words is used by a program to
attempt entry).
User Action
The person with administrative rights for the computer
should establish a threshold limit for attempted log ons.
Attempts in excess of the limit should be investigated as
a possible attempt to break into the computer.
*****
----------------------------------------------------------
----------------------------
What is my course of action???????? From the advise of
the second log # 529.
My DSL automatically is connected once I have turned on
my computer.
I also do not use a password.
I know that not everyone is a fan of the ICF that comes
with XP, but I am hoping that one of you can interpret
the above and advise me.
Am I safe to assume (!) that they cannot get in even
though they are trying or What???
I understand a lot about computers, but the firewalls for
whatever reason really leave me totally confused..
Thank you for any help with this.
been using the Internet connection firewall and a Network
Everywhere router from Linksys for protection.
In that time, I have NEVER had a problem when viewing the
security audit in event viewer. It always read "success
audit".
Yesterday, I checked and saw 2 "failure audits" 2 at 7:30
in the evening and 2 again at 9:00.....I have just
checked again now, and saw another attempt at 12:00 noon.
I have attached the events. they are #'d 529 and 680.
They both come one right after another in all 3 attempts.
#680 being first each time.
----------------------------------------------------------
--------------------------
#680
Details
Product: Windows Operating System
ID: 680
Source: Security
Version: 5.2
Symbolic Name: SE_AUDITID_ACCOUNT_LOGON
Message: Logon attempt by: %1
Logon account: %2
Source Workstation: %3
Error Code: %4
Explanation
A program or service attempted to start with the logon
credentials specified in the message, which do not match
the credentials of the current user. This message is
logged for informational purposes only.
User Action
No user action is required.
----------------------------------------------------------
-------------------------
#529
Details
Product: Windows Operating System
ID: 529
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_UNKNOWN_USER_OR_PWD
Message: Logon Failure:
Reason: Unknown user name or bad password
User Name: %1
Domain: %2
Logon Type: %3
Logon Process: %4
Authentication Package: %5
Workstation Name: %6
Explanation
This event record indicates an attempt to log on using an
unknown user account or a valid user account but with an
incorrect password. An unexpected increase in the number
of these audits could represent an attempt by someone to
find user accounts and passwords (such as a "dictionary"
attack, in which a list of words is used by a program to
attempt entry).
User Action
The person with administrative rights for the computer
should establish a threshold limit for attempted log ons.
Attempts in excess of the limit should be investigated as
a possible attempt to break into the computer.
*****
----------------------------------------------------------
----------------------------
What is my course of action???????? From the advise of
the second log # 529.
My DSL automatically is connected once I have turned on
my computer.
I also do not use a password.
I know that not everyone is a fan of the ICF that comes
with XP, but I am hoping that one of you can interpret
the above and advise me.
Am I safe to assume (!) that they cannot get in even
though they are trying or What???
I understand a lot about computers, but the firewalls for
whatever reason really leave me totally confused..
Thank you for any help with this.