Guest login hack attempt 4625 (I want to know the attacker's ip ..

Its possible he doesnt have an IP if its local he wouldnt be connected to the net simple sitting outside you house checking wireless networks for free wifi or to hack

krdondon said:

Guest login hack attempt 4625 (I want to know the attacker's ip for defense purposes)
It seems like someone is trying to hack into my computer. This is a record from Event Viewer.
Logon Attempt Log Type 3
4625 Guest (failure)
It seems like an attempt to hack into my computer. .... I want to find out the IP address of the hacker....

It may not be a hacker, I generated an event 4625 on my PC today. This PC has a password on my account. The PC I was connecting from had the same user account name, but a different password, so I was challenge to provide the correct password before it allowed me to connect.

In Event Viewer double-click on the Security event 4625. In its event properties window scroll down, you should see the name of the computer trying to connect, its IP address (IPv6 in my case) and the port it was connecting from under 'Network Information'.

Code:

Failure Information:
    Failure Reason:        Unknown user name or bad password.
    Status:            0xC000006D
    Sub Status:        0xC000006A

Process Information:
    Caller Process ID:    0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:    DELL-5410-W11
    Source Network Address:    fe80::3912:f917:f83a:cc49
    Source Port:        50896

there's no hacker . period .
chillax

local and Internet security is good practice that 95% of all computer owners suck on.

To hack someones user account like say on this site... It can be done... But it is not so easy... but not really-really hard either, as it do not have two factor authentication.

To hack someones LAN from WAN if they have a router with built in firewall.... Can be done in some cases.
Is there open ports on the Wan port?
Is it an old non updated router with known vulnerabilities that can be exploited?
Is it a router from your Internet Service Provider that has support connection option?
"IF" the answer is YES on one or more of this three questions..... Then it is possible.... but still hard.... First you have to know the public IP of the person in question and if they have DHCP then it is the IP right now that is needed...... and if the person has an ISP with a ISP CG-NAT then it is even harder.

To hack someones LAN from Wifi.. sadly, this is not to hard if it is a nerd that have a okay google-fu and to much time on his/her hands and the right network-card.

To hack a computer from the same Lan.. can be done if there is any known vulnerabilities that can be exploited and isn't patched yet (keep your computer updated)


99% of what people calling getting hacked isn't really hacked for real from one hacker targeting you.

I wrote a post on another site a year ago that i will quote on in here.

I'm doing a simplified non-technical post so new computer users can keep up.

99% of all attacks is ransomware, virus, malware, trojans that can be used for a hacker to get remote access to your computer or get information from the computer....
In almost all cases it is the user that has does something stupid.. clicking on a link on a website, in a mail or starts some infected document or install some program etc.(example evilgnome as we are on a Linux forum)

In this cases a hardware firewall or standard out of the box activated software firewall like GUFW... they doesn't matter at all.. out of the box firewalls has the rules, block all incoming and allow all outgoing... So if you infected the computer from within the traffic does a remote access tunnel it's created from the computer and out.. it's just a nice highway for remote access as all outbound traffic is allowed. :)
Here is a software firewall in the computer good to have if all outgoing traffic is blocked by default and you applies allow rules for only those program/processes that you want to have access out. So if a virus tries to create an remote access tunnel or tries to send data.. it can't.
As with windows wanacry that self spread true SMB1 network, it couldn't infect other computers in the local network with that software firewall setting. (I know as that firewall setting saved my network when one of mine computer got infected.. it was a zeroday then and my AV didn't block it)

The 1% is a real hacker that do a direct attack.
That is really unusual. First of all.. why should just you become a target?.. Perhaps you have a public IP and does some gaming and someone is a bad loser and Ddos you as revenge... You have pissed off some really good hacker.. You have a government job or working on some topsecret project in the private sector.
In the first one it's no worry.. a ddos doesn't last forever... The second one.. nooot good.... the two last ones.. you are screwed for real.

We have ISP-provided modem/router firewalls, costumer router firewalls and enterprise firewalls and they all basically does the same job.
An ISP-provided one is often the worst ones.. as they have remote access for support.. All types of remote access from the internet side.. is a weakness.
It maybe one in a billion chance to exploit it, if the routers software is up to date and the remote access has a really strong password... But it isn't zero. So with a ISP-provided router its good to have GUFW activated. The same applies to costumer router firewalls and enterprise firewalls if you have remote access activated from the internet side WAN
If you have pissed off a really good hacker on the other side of the world.. Then a customer hardware router/firewall, up to date and no remote access activated and a software firewall just in case if the router has a zeroday vulnerability and DHCP ISP IP is good enough.. and don't click on links. :lol:

For the last two, corporate spying.. as a wrote: you are screwed for real. and I really mean it.
They often uses social-engineering to get past obstacles.. or in worst cases brakes in to your home or work to get physical access to your computer and network. and if you have superglue in your USB ports, encrypted the entire harddrive, hardened your OS all state of the art firewalls and so on.. they just rig a camera and i microphone to see your screen and so on.

Edit... GUFW is a Linux software firewall and is kind of like windows firewall..
an good simple to use and free firewall for windows is: SimpleWall