Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Anonymous_User Absent Member.
Absent Member.
939 views

Weird intruder address

I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
the server and we can't figure out what's causing it. The weird part is
when I check for the intruder address, all it says is "12" That's it.
Any idea what this means? Any way I can try to find out who's doing it?
Only one of my server is beeping with this message, so would that mean
this is the server that's causing it or is something on this server
that's causing it?

Howard
Labels (2)
0 Likes
7 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
<howard.yuan@spam.valence.com> wrote:

>I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>the server and we can't figure out what's causing it. The weird part is
>when I check for the intruder address, all it says is "12" That's it.


"12" is the network address value you get if something is using the
server's internal network.


---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

David Gersic wrote:
> On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
> <howard.yuan@spam.valence.com> wrote:
>
>> I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>> the server and we can't figure out what's causing it. The weird part is
>> when I check for the intruder address, all it says is "12" That's it.

>
> "12" is the network address value you get if something is using the
> server's internal network.


Server's internal network...as in a service running on the server?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

Howard,
You've got an application or service running on a server that's trying to
log in with an outdated admin password. Could be AV software, backups, or
something like UPS control software that was originally installed with the
admin account instead of a user account. Bet you recently changed the admin
password............

--
Brent

"Life should NOT be a journey to the grave with the intention of arriving
safely in an attractive and well preserved body, but rather to skid in
sideways, chocolate in one hand, martini in the other, body thoroughly used
up, totally worn out and screaming "WOO HOO what a ride!"


"Nuri Inuki" <howard.yuan@spam.valence.com> wrote in message
news:USJDh.295$ra4.259@prv-forum2.provo.novell.com...
> David Gersic wrote:
>> On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
>> <howard.yuan@spam.valence.com> wrote:
>>
>>> I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>>> the server and we can't figure out what's causing it. The weird part is
>>> when I check for the intruder address, all it says is "12" That's it.

>>
>> "12" is the network address value you get if something is using the
>> server's internal network.

>
> Server's internal network...as in a service running on the server?



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

Brent Wolfe wrote:
> Howard,
> You've got an application or service running on a server that's trying to
> log in with an outdated admin password. Could be AV software, backups, or
> something like UPS control software that was originally installed with the
> admin account instead of a user account. Bet you recently changed the admin
> password............
>

That was the weird part....we didn't. It just started happening one day
and we don't know what is causing it...

We did...however...fix some replica issues...but the admin account is
still using the right password...so unless the replica changed one of
the services back to using an old password.

Whatever is doing it keeps trying roughly every 15 minutes or so...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

On Fri, 23 Feb 2007 22:27:00 GMT, Nuri Inuki
<howard.yuan@spam.valence.com> wrote:

>David Gersic wrote:
>> On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
>> <howard.yuan@spam.valence.com> wrote:
>>
>>> I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>>> the server and we can't figure out what's causing it. The weird part is
>>> when I check for the intruder address, all it says is "12" That's it.

>>
>> "12" is the network address value you get if something is using the
>> server's internal network.

>
>Server's internal network...as in a service running on the server?


Yes, something like that. Start unloading things until it stops doing
it.


---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

Might even be an ldap bind...

Don

David Gersic wrote:
> On Fri, 23 Feb 2007 22:27:00 GMT, Nuri Inuki
> <howard.yuan@spam.valence.com> wrote:
>
>> David Gersic wrote:
>>> On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
>>> <howard.yuan@spam.valence.com> wrote:
>>>
>>>> I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>>>> the server and we can't figure out what's causing it. The weird part is
>>>> when I check for the intruder address, all it says is "12" That's it.
>>> "12" is the network address value you get if something is using the
>>> server's internal network.

>> Server's internal network...as in a service running on the server?

>
> Yes, something like that. Start unloading things until it stops doing
> it.
>
>
> ---------------------------------------------------------------------------
> David Gersic dgersic_@_niu.edu
>
> I'm tired of receiving rubbish in my mailbox, so the E-mail address is
> munged to foil the junkmail bots. Humans will figure it out on their own.


--
D.Lohr
Technical Services
James Madison University

++ Bad command or file name ++
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Weird intruder address

Do tell!?!?!?!
"D.Lohr" <lohrda@jmu.edu> wrote in message
news:Us%Eh.1943$ra4.1127@prv-forum2.provo.novell.com...
> Might even be an ldap bind...
>
> Don
>
> David Gersic wrote:
>> On Fri, 23 Feb 2007 22:27:00 GMT, Nuri Inuki
>> <howard.yuan@spam.valence.com> wrote:
>>
>>> David Gersic wrote:
>>>> On Fri, 23 Feb 2007 18:04:53 GMT, Nuri Inuki
>>>> <howard.yuan@spam.valence.com> wrote:
>>>>
>>>>> I'm running NW 6.5 SP5. Our Admin account keeps getting locked out on
>>>>> the server and we can't figure out what's causing it. The weird part
>>>>> is when I check for the intruder address, all it says is "12" That's
>>>>> it.
>>>> "12" is the network address value you get if something is using the
>>>> server's internal network.
>>> Server's internal network...as in a service running on the server?

>>
>> Yes, something like that. Start unloading things until it stops doing
>> it.
>>
>>
>> ---------------------------------------------------------------------------
>> David Gersic
>> dgersic_@_niu.edu
>>
>> I'm tired of receiving rubbish in my mailbox, so the E-mail address is
>> munged to foil the junkmail bots. Humans will figure it out on their
>> own.

>
> --
> D.Lohr
> Technical Services
> James Madison University
>
> ++ Bad command or file name ++



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.