Admin Ids Getting locked

[Suresh Mankani]

Respected Sir/Madam

I have a Windows 2000 Server acting as Domian Controller
with SP3 on which Rational Clearcase is installed. I am
finding lots of ANONYMOUS LOGON (SUCCESS & FAILURE )
attempts in the event log.
But there are continous number of failed attempts from
several machines which LOCKS the clearcase admin ids and
the DOMAIN administrator id , after that all ( 65 Users )
the users cannot access the resources of the Server unless
the ids are un-locked

How do i block the ANONYMOUS login's ? Is there any way i
could restrict them & protect my admin id's

Please let me know if any patch needs to be installed ?

 

[Steven Umbach]

I don't know what Rational Clearcase is, but generally that kind of lockout
activity suggests that your firewall is not protecting your network and that
hackers are trying to access your computers. I would check your firewall
configuration to make sure it is blocking everything it should. You could go to
http://scan.sygatetech.com/ to do a quick, but basic, test of your firewall. If
these lockouts are coming from computers on your network as shown in Event ID's
in the security logs, then those computers may have been compromised and should
be unplugged and scanned for viruses and trojans and repaired/reinstalled and
hardened before plugging back in. You can also use a tool such as TCPView on a
computer to try and track down what application/process is causing suspicious
activity. The best way to tell what patches need to be installed is by going to
Windows Update or running Microsoft Baseline Security Analyzer on your
computers. You can also use the free Software Update Services on your domain to
manage patches to lan computers from an internal server running IIS. --- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
http://www.microsoft.com/windowsserversystem/sus/default.mspx