# Intrusion Attempts - 2008 R2 - Event Viewer.



## kabees (May 22, 2006)

Dear all, 

We have windows server 2008 R2 running on intel xeon machine. For past few weeks, we are getting repeated login attempts from one of our local network machine. In event viewer under security, we are flooded with logon failure entries from that particular machine. The login is desperately trying for Administrator account, the attempts are so quick and seems to be automated through some script or virus. We used "Windows Advanced Firewall" (WF.MSC) to narrow the scope of remote desktop. We gave selected Ip addresses of our lan, excluding the machine which is trying for login. Still we are able to see the login attempts, they are flooding with attempts. 

Help !

with regards,
kabees.


----------



## BenTechMac (Jul 8, 2010)

Could you be more specific with the error code reported in the Security Event log.


----------



## kabees (May 22, 2006)

Here I quote the log file.



> An account failed to log on.
> 
> Subject:
> Security ID: NULL SID
> ...


----------

