Find where remote logon is coming from

chavez9119 · ‎11-25-2009

I get hundreds of the following entries in my messages logs

wbem(pam_unix)[5007]: check pass; user unknown

wbem(pam_unix)[5007]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

I suspect it is coming from a misconfigured HPSIM server but I dont know where it is. Is there a way to find out where it is coming from?

arturka · ‎11-25-2009

hi

install linux\windows server + sniffer software and then you will be able to find out who\what is trying to login to server

Artur

VCDX77 My blog - http://vmwaremine.com