Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Every day at exact same time- CLI administrator login denied due to bad credentials

I am seeing this error message in the logs on our TZ400 every day at (within 2 seconds) the exact same time from the same workstation WITHIN our network. What should I look for to be causing this? It looks suspicious to me.

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    Look at the workstation.

  • mcareymcarey Newbie ✭

    Yes, that is what I did, but not sure what to look for. I watched the screen at that exact time and nothing popped or seemed to happen. I was hoping to learn what to look for, or where to look on the workstation.

  • mcareymcarey Newbie ✭

    There is nothing that i can see in the Task Scheduler that runs at this time of day.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @mcarey I would run a Packet-Monitor on the Firewall to check if the packets are indeed initiated from the network and by comparing the MAC address to make sure from the mentioned Workstation.

    If the packets are coming from this Workstation I would have a look in the Sysinternals arsenal (if it's on Windows) to find a tool which shows me what process is trying to connect.

    It's a bit of a detective work to do here.

    --Michael@BWC

Sign In or Register to comment.