anonymous login/logout event 538/540
Guest
Posts: n/a
Posts: n/a
I have just become aware of something in my security logs which puzzles
and bothers me.
There are a large number of entries for login/logout that I have no
idea why. Many of these are from a "anonymous" user. Here is the
listing for one example:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x17CC7F)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HOME-COMPUTER
Logon GUID: {00000000-0000-0000-0000-000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Note that the computer on which this log occurs is called OFFICE-
COMPUTER. HOME-COMPUTER is another computer I have which is connected
to this one via a router (which also has a cable/modem connected).
There are even a few entries for GUEST, even though I have the
"guest" account disabled on both computers.
FWIW, OFFICE-COMPUTER is running WinXP Pro with NTFS file system. HOME-
COMPUTER is running WinXP Home with Fat32 file system.
I might add that I have also seen similar entries in the security log
for HOME-COMPUTER, except that if I recall correctly, they say that the
login/logout came from anonymous or guest at HOME, not OFFICE. I do
have guest disabled on HOME also.
I might also add that the lights on the router and also on the cable
modem are frequently flashing at a high rate, even though there is no
traffic coming or going to the internet (that I know of).
--
R. Dale Shipp
dale@min.net
Linear Mode
