Educause Security Discussion mailing list archives
Re: AD Logs
From: "Blackwood, James" <jblackwood () LAGRANGE EDU>
Date: Mon, 27 Nov 2017 16:07:27 +0000
I’ve seen ADs report multiple failed login attempts while trying to track down worm infections. Those were isolated to a single (or a handful) of specific hosts though. Are these successful logins from computers logging in to AD or users logging into computers? James James Blackwood Senior Director Instructional and Information Technology LaGrange College (706) 880-8050 phone (706) 880-8055 fax jblackwood () lagrange edu<mailto:jblackwood () lagrange edu> 601 Broad St., LaGrange, GA 30240 www.lagrange.edu<http://www.lagrange.edu> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Frank Barton <bartonf () HUSSON EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, November 27, 2017 at 10:54 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] AD Logs Good morning folks, I was going through our logs from last week, and I noticed something rather odd. Starting last Tuesday, our DCs started logging a huge increase in successful-computer-login events. to the tune of 25x the number from before. I haven't been able to narrow this dow to anything specific, or to any specific host on the network. Has anybody else seen anything like this before? Thank You Frank -- Frank Barton Security+, ACMT IT Systems Administrator Husson University
Current thread:
- AD Logs Frank Barton (Nov 27)
- Re: AD Logs Kevin Wilcox (Nov 27)
- Re: AD Logs Frank Barton (Nov 27)
- Re: AD Logs Blackwood, James (Nov 27)
- Re: AD Logs Kevin Wilcox (Nov 27)