Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

529 logon/logoff failure audits second by second


  • Please log in to reply
No replies to this topic

#1 finiteworld

finiteworld

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 22 December 2008 - 11:55 PM

OK, I'm way confused. I have auditing for logon/logoff set to "Success/Failure" in my event logs. I've noticed numerous failed logon attempts; types 2, 3, and 8. I tell myself that there must be a logical explanation for these numerous failed logon attempts but cannot find any. I use the machine 96% of the time and my wife the other 4%. She is on a user-access account. I'm on an admin-account and should probably use my power-user account more often.

The peak of this problem is that for approx two minutes on Dec 18th '08 I had a failed logon attempt each second of those two minutes. These were logon type 3 attempts. My PC is Lenovo X61 and is configured on a workgroup, not on a network of any kind. This is my home internet connection. I have one other pc and it is not configured with my Lenovo to be on any sort of network, they simply connect through the router; no domain is set.

My laptop (and desktop) is protected with Kaspersky Internet Security 2009 and also is behind a wireless NAT Linksys router with firewall features on. I also have that router set so that wireless machines cannot communicate with eachother. UPNP and SSDP are disabled as is Remote Help/Assistance.

All of my machines are fully patched and updated as per Microsoft and Thinkpad update utilities.

I also run spybot once or so per week on top of Kaspersky's high-security-settings scans. The worst that I've found are tracking cookies. My machine is not slow or showing other signs of infection by anything.

I'm hoping that there is an application-based explanation for the numerous failed attempts to logon to my account, but I cannot figure it out.

I hope that it's not the result of Lenovo's crap-ware; their software has given me headaches way too much in the past and I'll never purchase another one again.

I can post logs, or whatever would be needed. These are all 529 event id's. Please help me to figure this one out. There are other errors, though, these 529's are my main concern.

thanks.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users