Security Incidents mailing list archives
Re: Weird Windows logon attempts
From: Russell Fulton <r.fulton () auckland ac nz>
Date: 26 Feb 2003 12:14:56 +1300
On Tue, 2003-02-25 at 00:38, H C wrote:
Harry, Have you gone back to the boxes and retrieved the actual EventLog entries? There's some info missing from the syslog entry below that may be useful.
Hi, I'll respond for Harry who is bogged down with other things at the moment. It turned out that we had several machine infected with SoBig, sigh... All our machines are supposed to have up to date AV software but with 1000s of machines some get missed. Thanks to all who responded with advice. Cheers, Russell. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand "It aint necessarily so" - Gershwin ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Weird Windows logon attempts Harry Hoffman (Feb 23)
- Re: Weird Windows logon attempts Jacco Tunnissen (Feb 24)
- Re: Weird Windows logon attempts H C (Feb 25)
- Re: Weird Windows logon attempts Russell Fulton (Feb 26)
- RE: Weird Windows logon attempts Mary McAllister (Feb 26)
- Re: Weird Windows logon attempts Russell Fulton (Feb 26)
- <Possible follow-ups>
- Re: Weird Windows logon attempts Bojan Zdrnja (Feb 24)
- RE: Weird Windows logon attempts Terence Runge (Feb 24)