Forum Discussion
Risky event Logging discrepancies
I had an external attacker using a rotating proxy to attempt to logon to multiple accounts. The attacker would have between 60-100 logon attempts to each account. No more than one or two events from ...
As long as you see a "success" event from an IP you don't recognize, consider this account compromised.
Thank you for your response, Yes i tend to go on the side of caution, but others may say what is there to worry about the connection did not happen. I would prefer to have my caution backed up by facts what is the logic behind getting a successful authentication event immediately followed by an unsuccessful authentication due to the account being locked. Did the attacker actually guess the users password in their dictionary attempt. If so maybe next time the will succeed.