Guest login hack attempt 4625 (I want to know the attacker's ip ..

Page 1 of 2 12 LastLast

  1. Posts : 42
    windows10
       #1

    Guest login hack attempt 4625 (I want to know the attacker's ip ..


    Guest login hack attempt 4625 (I want to know the attacker's ip for defense purposes)

    It seems like someone is trying to hack into my computer. This is a record from Event Viewer.

    Logon Attempt
    Log Type 3
    4625 Guest (failure)
    It seems like an attempt to hack into my computer.
    4740 User Account Management (User account has been locked out) (success)
    4776 Credential Validation (failure)
    Logon Process: Advapi

    Authentication Package: Negotiate

    4688 SYSTEM
    A new process has been created.
    C:\Windows\System32\dllhost.exe
    C:\Windows\System32\svchost.exe


    I want to find out the IP address of the hacker (Guest), but even though gpedit.msc is installed, there is no option for Advanced Audit Policy > Logon > Network Security Audit(Logon). I am a Windows Home user.



    When a hacker hacks.. I want his ip to be recorded
    my purpose...

    I don't know when he breaks in.
      My Computer


  2. Posts : 8,103
    windows 10
       #2

    Its possible he doesnt have an IP if its local he wouldnt be connected to the net simple sitting outside you house checking wireless networks for free wifi or to hack
      My Computer


  3. Posts : 9,788
    Mac OS Catalina
       #3

    Unless you have it open to the computer open to the world through DMZ or it is infected, no one will get inside the router to be able to "hack" the machine. Only way to see what is going on on your network is to router traffic through say pfsense.
      My Computer


  4. Posts : 1,758
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #4

    krdondon said:
    Guest login hack attempt 4625 (I want to know the attacker's ip for defense purposes)
    Try Nir Sofer's CurrPorts with logging enabled.

    Hope this helps...
      My Computer


  5. Posts : 31,630
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #5

    krdondon said:
    Guest login hack attempt 4625 (I want to know the attacker's ip for defense purposes)
    It seems like someone is trying to hack into my computer. This is a record from Event Viewer.
    Logon Attempt Log Type 3
    4625 Guest (failure)
    It seems like an attempt to hack into my computer. .... I want to find out the IP address of the hacker....
    It may not be a hacker, I generated an event 4625 on my PC today. This PC has a password on my account. The PC I was connecting from had the same user account name, but a different password, so I was challenge to provide the correct password before it allowed me to connect.

    In Event Viewer double-click on the Security event 4625. In its event properties window scroll down, you should see the name of the computer trying to connect, its IP address (IPv6 in my case) and the port it was connecting from under 'Network Information'.

    Code:
    Failure Information:
        Failure Reason:        Unknown user name or bad password.
        Status:            0xC000006D
        Sub Status:        0xC000006A
    
    Process Information:
        Caller Process ID:    0x0
        Caller Process Name:    -
    
    Network Information:
        Workstation Name:    DELL-5410-W11
        Source Network Address:    fe80::3912:f917:f83a:cc49
        Source Port:        50896
      My Computers


  6. Posts : 1,758
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #6

    Instead of Event Viewer, you could grab a list using Powershell (in an elevated console):
    Code:
    Get-WinEvent -FilterHashTable @{LogName='Security';ID='4625'} | Format-List

    Hope this helps...
      My Computer


  7. Posts : 42
    windows10
    Thread Starter
       #7

    Thank you. Currently, the attack seems to be temporarily suspended. By writing an article on a web page.. is that so..

    Improvement plan.. For functions such as guest.. connection, I hope the policy is changed in the direction that the user.. downloads and installs from the ms homepage if necessary.
    :)
    I've tried several times, but it's not easy.
    There are not many cases where the general public has to create or open a guest account. I've never used it in my life.
    :)
      My Computer


  8. 3nd
    Posts : 860
    Zorin Lite
       #8

    there's no hacker . period .
    chillax
      My Computer


  9. Posts : 42
    windows10
    Thread Starter
       #9

    I was hacked in the past. My Google and other accounts were compromised, and there were also instances where other users created accounts using my ID. Recently, there have been users who have continuously sent strange emails. As someone who is interested in security and active in other forums, I have encountered malicious users occasionally. So, I am being cautious.
    :)
      My Computer


  10. Posts : 2,271
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #10

    local and Internet security is good practice that 95% of all computer owners suck on.

    To hack someones user account like say on this site... It can be done... But it is not so easy... but not really-really hard either, as it do not have two factor authentication.

    To hack someones LAN from WAN if they have a router with built in firewall.... Can be done in some cases.
    Is there open ports on the Wan port?
    Is it an old non updated router with known vulnerabilities that can be exploited?
    Is it a router from your Internet Service Provider that has support connection option?
    "IF" the answer is YES on one or more of this three questions..... Then it is possible.... but still hard.... First you have to know the public IP of the person in question and if they have DHCP then it is the IP right now that is needed...... and if the person has an ISP with a ISP CG-NAT then it is even harder.

    To hack someones LAN from Wifi.. sadly, this is not to hard if it is a nerd that have a okay google-fu and to much time on his/her hands and the right network-card.

    To hack a computer from the same Lan.. can be done if there is any known vulnerabilities that can be exploited and isn't patched yet (keep your computer updated)


    99% of what people calling getting hacked isn't really hacked for real from one hacker targeting you.

    I wrote a post on another site a year ago that i will quote on in here.

    I'm doing a simplified non-technical post so new computer users can keep up.

    99% of all attacks is ransomware, virus, malware, trojans that can be used for a hacker to get remote access to your computer or get information from the computer....
    In almost all cases it is the user that has does something stupid.. clicking on a link on a website, in a mail or starts some infected document or install some program etc.(example evilgnome as we are on a Linux forum)

    In this cases a hardware firewall or standard out of the box activated software firewall like GUFW... they doesn't matter at all.. out of the box firewalls has the rules, block all incoming and allow all outgoing... So if you infected the computer from within the traffic does a remote access tunnel it's created from the computer and out.. it's just a nice highway for remote access as all outbound traffic is allowed. :)
    Here is a software firewall in the computer good to have if all outgoing traffic is blocked by default and you applies allow rules for only those program/processes that you want to have access out. So if a virus tries to create an remote access tunnel or tries to send data.. it can't.
    As with windows wanacry that self spread true SMB1 network, it couldn't infect other computers in the local network with that software firewall setting. (I know as that firewall setting saved my network when one of mine computer got infected.. it was a zeroday then and my AV didn't block it)

    The 1% is a real hacker that do a direct attack.
    That is really unusual. First of all.. why should just you become a target?.. Perhaps you have a public IP and does some gaming and someone is a bad loser and Ddos you as revenge... You have pissed off some really good hacker.. You have a government job or working on some topsecret project in the private sector.
    In the first one it's no worry.. a ddos doesn't last forever... The second one.. nooot good.... the two last ones.. you are screwed for real.

    We have ISP-provided modem/router firewalls, costumer router firewalls and enterprise firewalls and they all basically does the same job.
    An ISP-provided one is often the worst ones.. as they have remote access for support.. All types of remote access from the internet side.. is a weakness.
    It maybe one in a billion chance to exploit it, if the routers software is up to date and the remote access has a really strong password... But it isn't zero. So with a ISP-provided router its good to have GUFW activated. The same applies to costumer router firewalls and enterprise firewalls if you have remote access activated from the internet side WAN
    If you have pissed off a really good hacker on the other side of the world.. Then a customer hardware router/firewall, up to date and no remote access activated and a software firewall just in case if the router has a zeroday vulnerability and DHCP ISP IP is good enough.. and don't click on links. :lol:

    For the last two, corporate spying.. as a wrote: you are screwed for real. and I really mean it.
    They often uses social-engineering to get past obstacles.. or in worst cases brakes in to your home or work to get physical access to your computer and network. and if you have superglue in your USB ports, encrypted the entire harddrive, hardened your OS all state of the art firewalls and so on.. they just rig a camera and i microphone to see your screen and so on.
    Edit... GUFW is a Linux software firewall and is kind of like windows firewall..
    an good simple to use and free firewall for windows is: SimpleWall
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:01.
Find Us




Windows 10 Forums