Security audit of remote access

Jesús R. Ortega

Module 3, day 4

Remote access audit

Course 1

Guillermo Obispo, Jesús R. Ortega, Jorge Navas

M1: IT audit (Jorge Navas Elorza)

M2: IT security (Guillermo Obispo San Román)

M3: remote access (Jesús Rodríguez Ortega)

M3: agenda

day 1: technology: remote access

day 2: regulations: checklist 1

day 3: regulations: checklist 2

day 4: traceability: logs

Traceability: a fundamental aspect for the audit... and for the availability of the service

risk analysis

traceability

logs

log: to record, to note down, to write down

logs: com, servers, apps (...)

logs: unmanageable

Examples: Microsoft RDP, VPN

[Diagram labels: VPN, DC1, DC2, TS, apps, DA, DNS, files]

Logs: VPN log, security log, server logs (DCs/DA)

VPN log:

Tue Apr 13 11:57:36 2021 : rcvd [IPCP ConfRej id=0x63 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:36 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:38 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:38 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:38 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:39 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:41 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:41 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:41 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:42 2021 : Received protocol dictionaries
Tue Apr 13 11:57:42 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:44 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:44 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:44 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:45 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:45 2021 : rcvd [LCP EchoReq id=0xa4 magic=0x2e7143dc]
Tue Apr 13 11:57:45 2021 : sent [LCP EchoRep id=0xa4 magic=0x7a8d2c7b]
Tue Apr 13 11:57:47 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:47 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:47 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:48 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:50 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:50 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:50 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:51 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:53 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:53 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:53 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:54 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:56 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:56 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:56 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:57 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:57:59 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:57:59 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:57:59 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:58:00 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:58:02 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:58:02 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:58:02 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:58:03 2021 : sent [IPCP ConfReq id=0x64 <addrs 0.0.0.0 172.26.0.206>]
Tue Apr 13 11:58:05 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:58:05 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:58:05 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.206> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:58:05 2021 : rcvd [LCP EchoReq id=0xa5 magic=0x2e7143dc]
Tue Apr 13 11:58:05 2021 : sent [LCP EchoRep id=0xa5 magic=0x7a8d2c7b]
Tue Apr 13 11:58:06 2021 : IPCP: timeout sending Config-Requests
Tue Apr 13 11:58:16 2021 : sent [LCP EchoReq id=0x88 magic=0x7a8d2c7b]
2021-04-13 11:58:46 CEST	terminating on signal 15
#End-Date: 2021-04-13 11:58:46 CEST
Tue Apr 13 11:58:46 2021 : Terminating on signal 15.
Tue Apr 13 11:58:46 2021 : sent [LCP TermReq id=0x3 "User request"]
Tue Apr 13 11:58:46 2021 : Connection terminated.
Tue Apr 13 11:58:46 2021 : Connect time 136.5 minutes.
Tue Apr 13 11:58:46 2021 : Sent 0 bytes, received 0 bytes.
Tue Apr 13 11:58:46 2021 : L2TP disconnecting...
Tue Apr 13 11:58:46 2021 : L2TP sent CDN
Tue Apr 13 11:58:46 2021 : L2TP sent StopCCN
Tue Apr 13 11:58:46 2021 : L2TP disconnected
#Start-Date: 2021-04-13 11:58:48 CEST
#Fields: date time s-comment
2021-04-13 11:58:48 CEST	Loading plugin /System/Library/Extensions/L2TP.ppp
2021-04-13 11:58:48 CEST	Listening for connections...
2021-04-13 11:59:08 CEST	Incoming call... Address given to client = 172.26.0.201
Tue Apr 13 11:59:08 2021 : Directory Services Authentication plugin initialized
Tue Apr 13 11:59:08 2021 : Directory Services Authorization plugin initialized
Tue Apr 13 11:59:08 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 11:59:08 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 11:59:08 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 11:59:08 2021 : L2TP incoming call in progress from '90.166.127.186'...
Tue Apr 13 11:59:08 2021 : L2TP received SCCRQ
Tue Apr 13 11:59:08 2021 : L2TP sent SCCRP
Tue Apr 13 11:59:08 2021 : L2TP received SCCCN
Tue Apr 13 11:59:08 2021 : L2TP received ICRQ
Tue Apr 13 11:59:08 2021 : L2TP sent ICRP
Tue Apr 13 11:59:08 2021 : L2TP received ICCN
Tue Apr 13 11:59:08 2021 : L2TP connection established.
Tue Apr 13 11:59:08 2021 : using link 0
Tue Apr 13 11:59:08 2021 : Using interface ppp0
Tue Apr 13 11:59:08 2021 : Connect: ppp0 <--> socket[34:18]
Tue Apr 13 11:59:08 2021 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x16b8e8ca> <pcomp> <accomp>]
Tue Apr 13 11:59:08 2021 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb455799> <pcomp> <accomp>]
Tue Apr 13 11:59:08 2021 : lcp_reqci: returning CONFACK.
Tue Apr 13 11:59:08 2021 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xb455799> <pcomp> <accomp>]
Tue Apr 13 11:59:08 2021 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x16b8e8ca> <pcomp> <accomp>]
Tue Apr 13 11:59:08 2021 : sent [LCP EchoReq id=0x0 magic=0x16b8e8ca]
Tue Apr 13 11:59:08 2021 : sent [CHAP Challenge id=0xe <6716707c25235905374055792807400a>, name = "unServer.private"]
Tue Apr 13 11:59:08 2021 : rcvd [LCP EchoReq id=0x0 magic=0xb455799]
Tue Apr 13 11:59:08 2021 : sent [LCP EchoRep id=0x0 magic=0x16b8e8ca]
Tue Apr 13 11:59:08 2021 : rcvd [LCP EchoRep id=0x0 magic=0xb455799]
Tue Apr 13 11:59:08 2021 : rcvd [CHAP Response id=0xe <a3265a0e3ebca9e91432a3e292e27ef200000000000000009a6dd2f626a38cd16d6510a12a8ededb087775ec38dd734900>, name = "jcires"]
Tue Apr 13 11:59:08 2021 : sent [CHAP Success id=0xe "S=F4EE328DEC798F6CCF25BAEFDCCFF09422083289 M=Access granted"]
Tue Apr 13 11:59:08 2021 : CHAP peer authentication succeeded for jcires
Tue Apr 13 11:59:08 2021 : DSAccessControl plugin: User 'jcires' authorized for access
Tue Apr 13 11:59:08 2021 : sent [IPCP ConfReq id=0x1 <addr 172.26.0.4>]
Tue Apr 13 11:59:08 2021 : sent [ACSCP ConfReq id=0x1]
Tue Apr 13 11:59:08 2021 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Apr 13 11:59:08 2021 : ipcp: returning Configure-NAK
Tue Apr 13 11:59:08 2021 : sent [IPCP ConfNak id=0x1 <addr 172.26.0.201> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:59:08 2021 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::f60f:24ff:fe30:a22f>]
Tue Apr 13 11:59:08 2021 : Unsupported protocol 0x8057 received
Tue Apr 13 11:59:08 2021 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a f6 0f 24 ff fe 30 a2 2f]
Tue Apr 13 11:59:08 2021 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
Tue Apr 13 11:59:08 2021 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
Tue Apr 13 11:59:08 2021 : rcvd [IPCP ConfAck id=0x1 <addr 172.26.0.4>]
Tue Apr 13 11:59:08 2021 : rcvd [ACSCP ConfAck id=0x1]
Tue Apr 13 11:59:08 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.201> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:59:08 2021 : ipcp: returning Configure-ACK
Tue Apr 13 11:59:08 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.201> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 11:59:08 2021 : ipcp: up
Tue Apr 13 11:59:08 2021 : found interface en0 for proxy arp
Tue Apr 13 11:59:08 2021 : local  IP address 172.26.0.4
Tue Apr 13 11:59:08 2021 : remote IP address 172.26.0.201
Tue Apr 13 11:59:08 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 11:59:08 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 11:59:08 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 172.26.0.4), current interface setting (name: ppp0, family: PPP, address: 172.26.0.4, subnet: 255.255.255.0, destination: 172.26.0.201).
Tue Apr 13 11:59:08 2021 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
Tue Apr 13 11:59:08 2021 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
Tue Apr 13 11:59:08 2021 : Received protocol dictionaries
Tue Apr 13 11:59:08 2021 : Committed PPP store
Tue Apr 13 11:59:08 2021 : sent [ACSP data <payload len 11, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
    <domain: name local>]
Tue Apr 13 11:59:08 2021 : rcvd [IP data <src addr 172.26.0.201> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Apr 13 11:59:08 2021 : sent [IP data <src addr 172.26.0.4> <dst addr 172.26.0.201> <BOOTP Reply> <type ACK> <server id 0xac1a0004> <domain name "local">]
Tue Apr 13 11:59:08 2021 : rcvd [ACSP data <payload len 0, packet seq 0, CI_DOMAINS, flags: ACK>]
Tue Apr 13 11:59:08 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 11:59:08 2021 : Committed PPP store
2021-04-13 12:04:44 CEST	Incoming call... Address given to client = 172.26.0.202
Tue Apr 13 12:04:44 2021 : Directory Services Authentication plugin initialized
Tue Apr 13 12:04:44 2021 : Directory Services Authorization plugin initialized
Tue Apr 13 12:04:44 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 12:04:44 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 12:04:44 2021 : publish_entry SCDSet() failed: Success!
Tue Apr 13 12:04:44 2021 : L2TP incoming call in progress from '213.98.27.204'...
Tue Apr 13 12:04:44 2021 : L2TP received SCCRQ
Tue Apr 13 12:04:44 2021 : L2TP sent SCCRP
Tue Apr 13 12:04:44 2021 : L2TP received SCCCN
Tue Apr 13 12:04:44 2021 : L2TP received ICRQ
Tue Apr 13 12:04:44 2021 : L2TP sent ICRP
Tue Apr 13 12:04:44 2021 : L2TP received ICCN
Tue Apr 13 12:04:44 2021 : L2TP connection established.
Tue Apr 13 12:04:44 2021 : using link 1
Tue Apr 13 12:04:44 2021 : Using interface ppp1
Tue Apr 13 12:04:44 2021 : Connect: ppp1 <--> socket[34:18]
Tue Apr 13 12:04:44 2021 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76a2f3f7> <pcomp> <accomp>]
Tue Apr 13 12:04:44 2021 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1d06ab4c> <pcomp> <accomp>]
Tue Apr 13 12:04:44 2021 : lcp_reqci: returning CONFACK.
Tue Apr 13 12:04:44 2021 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1d06ab4c> <pcomp> <accomp>]
Tue Apr 13 12:04:44 2021 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76a2f3f7> <pcomp> <accomp>]
Tue Apr 13 12:04:44 2021 : sent [LCP EchoReq id=0x0 magic=0x76a2f3f7]
Tue Apr 13 12:04:44 2021 : sent [CHAP Challenge id=0xe1 <722b787a206e1c2a1a555a1f635d753c>, name = "unServer.private"]
Tue Apr 13 12:04:44 2021 : rcvd [LCP EchoReq id=0x0 magic=0x1d06ab4c]
Tue Apr 13 12:04:44 2021 : sent [LCP EchoRep id=0x0 magic=0x76a2f3f7]
Tue Apr 13 12:04:44 2021 : rcvd [LCP EchoRep id=0x0 magic=0x1d06ab4c]
Tue Apr 13 12:04:44 2021 : rcvd [CHAP Response id=0xe1 <288e735d981d2afd25715f84cd531ec90000000000000000003db99ef7dc66df3db89e6ac49d27cc50f0eb159070362e00>, name = "jcires"]
Tue Apr 13 12:04:45 2021 : sent [CHAP Success id=0xe1 "S=DC2DDEE40EE482C11ED7DCDD9651519896DF8F22 M=Access granted"]
Tue Apr 13 12:04:45 2021 : CHAP peer authentication succeeded for jcires
Tue Apr 13 12:04:45 2021 : DSAccessControl plugin: User 'jcires' authorized for access
Tue Apr 13 12:04:45 2021 : sent [IPCP ConfReq id=0x1 <addr 172.26.0.4>]
Tue Apr 13 12:04:45 2021 : sent [ACSCP ConfReq id=0x1]
Tue Apr 13 12:04:45 2021 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Apr 13 12:04:45 2021 : ipcp: returning Configure-NAK
Tue Apr 13 12:04:45 2021 : sent [IPCP ConfNak id=0x1 <addr 172.26.0.202> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 12:04:45 2021 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::9284:0dff:fef3:ad0b>]
Tue Apr 13 12:04:45 2021 : Unsupported protocol 0x8057 received
Tue Apr 13 12:04:45 2021 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 92 84 0d ff fe f3 ad 0b]
Tue Apr 13 12:04:45 2021 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
Tue Apr 13 12:04:45 2021 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
Tue Apr 13 12:04:45 2021 : rcvd [IPCP ConfAck id=0x1 <addr 172.26.0.4>]
Tue Apr 13 12:04:45 2021 : rcvd [ACSCP ConfAck id=0x1]
Tue Apr 13 12:04:45 2021 : rcvd [IPCP ConfReq id=0x2 <addr 172.26.0.202> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 12:04:45 2021 : ipcp: returning Configure-ACK
Tue Apr 13 12:04:45 2021 : sent [IPCP ConfAck id=0x2 <addr 172.26.0.202> <ms-dns1 172.26.0.9> <ms-dns3 1.1.1.1>]
Tue Apr 13 12:04:45 2021 : ipcp: up
Tue Apr 13 12:04:45 2021 : found interface en0 for proxy arp
Tue Apr 13 12:04:45 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 172.26.0.4), current interface setting (name: ppp1, family: PPP, address: 172.26.0.4, subnet: 255.255.255.0, destination: 172.26.0.202).
Tue Apr 13 12:04:45 2021 : local  IP address 172.26.0.4
Tue Apr 13 12:04:45 2021 : remote IP address 172.26.0.202
Tue Apr 13 12:04:45 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 12:04:45 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 12:04:45 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 172.26.0.4), current interface setting (name: ppp1, family: PPP, address: 172.26.0.4, subnet: 255.255.255.0, destination: 172.26.0.202).
Tue Apr 13 12:04:45 2021 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
Tue Apr 13 12:04:45 2021 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
Tue Apr 13 12:04:45 2021 : Received protocol dictionaries
Tue Apr 13 12:04:45 2021 : Committed PPP store
Tue Apr 13 12:04:45 2021 : sent [ACSP data <payload len 11, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
    <domain: name local>]
Tue Apr 13 12:04:45 2021 : rcvd [IP data <src addr 172.26.0.202> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Apr 13 12:04:45 2021 : sent [IP data <src addr 172.26.0.4> <dst addr 172.26.0.202> <BOOTP Reply> <type ACK> <server id 0xac1a0004> <domain name "local">]
Tue Apr 13 12:04:45 2021 : rcvd [ACSP data <payload len 0, packet seq 0, CI_DOMAINS, flags: ACK>]
Tue Apr 13 12:04:45 2021 : Received acsp/dhcp dictionaries
Tue Apr 13 12:04:45 2021 : Committed PPP store
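
The traceability question this VPN log answers is which user and which public address were behind a given tunnel address at a given time. The Python below is an added example, not part of the original slides; the sample lines are constructed in the format of the excerpt above, and the users and addresses in them are made up.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in the format of the VPN log above (documentation
# address ranges, invented user names). The second call never authenticates.
SAMPLE_LOG = """\
Tue Apr 13 09:00:01 2021 : L2TP incoming call in progress from '203.0.113.10'...
Tue Apr 13 09:00:01 2021 : L2TP connection established.
Tue Apr 13 09:00:02 2021 : CHAP peer authentication succeeded for alice
Tue Apr 13 09:00:02 2021 : local  IP address 10.0.0.4
Tue Apr 13 09:00:02 2021 : remote IP address 10.0.0.201
2021-04-13 09:05:10 CEST\tIncoming call... Address given to client = 10.0.0.202
Tue Apr 13 09:05:10 2021 : L2TP incoming call in progress from '198.51.100.7'...
Tue Apr 13 09:05:10 2021 : L2TP connection established.
Tue Apr 13 09:05:40 2021 : L2TP incoming call in progress from '203.0.113.99'...
Tue Apr 13 09:05:41 2021 : CHAP peer authentication succeeded for bob
Tue Apr 13 09:05:41 2021 : remote IP address 10.0.0.202
Tue Apr 13 11:30:00 2021 : L2TP incoming call in progress from '192.0.2.50'...
Tue Apr 13 11:30:01 2021 : CHAP peer authentication succeeded for carol
Tue Apr 13 11:30:01 2021 : remote IP address 10.0.0.201
"""

LINE = re.compile(r"^\w{3} (\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (.*)$")
CALL = re.compile(r"L2TP incoming call in progress from '([0-9.]+)'")
AUTH = re.compile(r"CHAP peer authentication succeeded for (\S+)")
ADDR = re.compile(r"remote IP address ([0-9.]+)")


@dataclass
class Session:
    start: datetime
    source_ip: str                    # public address of the caller
    user: Optional[str] = None        # account that passed CHAP
    tunnel_ip: Optional[str] = None   # internal address handed to the client

    @property
    def complete(self) -> bool:
        return self.user is not None and self.tunnel_ip is not None


def parse_sessions(text):
    """Rebuild sessions from the per-connection lines of the log.

    The log carries no session id, so lines are attributed to the most
    recent incoming call. That is a heuristic: if two calls interleave,
    the result must be confirmed against the security log.
    """
    sessions, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "2021-04-13 ... CEST" server lines and continuations
        stamp = " ".join(m.group(1).split())  # collapse padding on 1-digit days
        when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (c := CALL.search(msg)):
            current = Session(start=when, source_ip=c.group(1))
            sessions.append(current)
        elif current is not None and (a := AUTH.search(msg)):
            current.user = a.group(1)
        elif current is not None and (r := ADDR.search(msg)):
            current.tunnel_ip = r.group(1)
            current = None  # session fully described
    return sessions


def who_had(sessions, tunnel_ip, when):
    """Latest completed session that was given tunnel_ip at or before `when`.

    `when` is an ISO string such as "2021-04-13 09:30:00". Pool addresses
    are reused, so the time is part of the question. Session end times are
    not tracked here, so the answer is the last known holder.
    """
    limit = datetime.fromisoformat(when)
    hits = [s for s in sessions
            if s.complete and s.tunnel_ip == tunnel_ip and s.start <= limit]
    return max(hits, key=lambda s: s.start) if hits else None


if __name__ == "__main__":
    found = parse_sessions(SAMPLE_LOG)
    for s in found:
        state = "ok" if s.complete else "NO AUTHENTICATION LOGGED"
        print(s.start, s.source_ip, s.user, s.tunnel_ip, state)
    print(who_had(found, "10.0.0.201", "2021-04-13 12:00:00"))
```
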

Security log:

Keywords	Date and Time	Source	Event ID	Task Category
Audit Success	4/13/2021 12:42:56 PM	Microsoft-Windows-Security-Auditing	4662	Directory Service Access	"An operation was performed on an object.

Subject :
	Security ID:		D_RGS\W2K8-UN1$
	Account Name:		W2K8-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x186E9DBF

Object:
	Object Server:		DS
	Object Type:		domainDNS
	Object Name:		DC=D_RGS,DC=LOCAL
	Handle ID:		0x0

Operation:
	Operation Type:		Object Access
	Accesses:		Control Access
				
	Access Mask:		0x100
	Properties:		Control Access
		{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
	{19195a5b-6da0-11d0-afd3-00c04fd930c9}


Additional Information:
	Parameter 1:		-
	Parameter 2:		"
Audit Success	4/13/2021 12:42:56 PM	Microsoft-Windows-Security-Auditing	4662	Directory Service Access	"An operation was performed on an object.

Subject :
	Security ID:		D_RGS\W2K8-UN1$
	Account Name:		W2K8-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x186E9DBF

Object:
	Object Server:		DS
	Object Type:		domainDNS
	Object Name:		DC=D_RGS,DC=LOCAL
	Handle ID:		0x0

Operation:
	Operation Type:		Object Access
	Accesses:		Control Access
				
	Access Mask:		0x100
	Properties:		Control Access
		{89e95b76-444d-4c62-991a-0facbeda640c}
	{19195a5b-6da0-11d0-afd3-00c04fd930c9}


Additional Information:
	Parameter 1:		-
	Parameter 2:		"
Audit Success	4/13/2021 12:42:56 PM	Microsoft-Windows-Security-Auditing	4662	Directory Service Access	"An operation was performed on an object.

Subject :
	Security ID:		D_RGS\W2K8-UN1$
	Account Name:		W2K8-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x186E9DBF

Object:
	Object Server:		DS
	Object Type:		domainDNS
	Object Name:		DC=D_RGS,DC=LOCAL
	Handle ID:		0x0

Operation:
	Operation Type:		Object Access
	Accesses:		Control Access
				
	Access Mask:		0x100
	Properties:		Control Access
		{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}
	{19195a5b-6da0-11d0-afd3-00c04fd930c9}


Additional Information:
	Parameter 1:		-
	Parameter 2:		"
Audit Success	4/13/2021 12:42:55 PM	Microsoft-Windows-Security-Auditing	4634	Logoff	"An account was logged off.

Subject:
	Security ID:		SYSTEM
	Account Name:		W2K12-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x18703F3F

Logon Type:			3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer."
Audit Success	4/13/2021 12:42:55 PM	Microsoft-Windows-Security-Auditing	4624	Logon	"An account was successfully logged on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Impersonation Level:		Impersonation

New Logon:
	Security ID:		SYSTEM
	Account Name:		W2K12-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x18703F3F
	Logon GUID:		{69BB6B92-4EC5-869F-8013-A47359B5D3D6}

Process Information:
	Process ID:		0x0
	Process Name:		-

Network Information:
	Workstation Name:	-
	Source Network Address:	127.0.0.1
	Source Port:		60104

Detailed Authentication Information:
	Logon Process:		Kerberos
	Authentication Package:	Kerberos
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success	4/13/2021 12:42:55 PM	Microsoft-Windows-Security-Auditing	4672	Special Logon	"Special privileges assigned to new logon.

Subject:
	Security ID:		SYSTEM
	Account Name:		W2K12-UN1$
	Account Domain:		D_RGS
	Logon ID:		0x18703F3F

Privileges:		SeSecurityPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeTakeOwnershipPrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeLoadDriverPrivilege
			SeImpersonatePrivilege
			SeEnableDelegationPrivilege"
Audit Failure	4/13/2021 12:42:47 PM	Microsoft-Windows-Security-Auditing	4776	Credential Validation	"The computer attempted to validate the credentials for an account.

Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:	administrator
Source Workstation:	
Error Code:	0xC0000064"
Audit Success	4/13/2021 12:42:46 PM	Microsoft-Windows-Security-Auditing	4634	Logoff	"An account was logged off.

RDP log:

[I] [2021-03-05 00:00:51] RDP: failed login attempt from 77.65.11.181 for user [Unknown]
[I] [2021-03-05 00:00:51] 77.65.11.181 blocked
[I] [2021-03-05 00:19:55] Successfully unblocked 1.232.176.9 
[I] [2021-03-05 00:22:46] Successfully unblocked 185.92.122.166 
[I] [2021-03-05 00:25:13] Successfully unblocked 39.165.231.61 
[I] [2021-03-05 00:57:00] Successfully unblocked 51.195.131.239 
[I] [2021-03-05 00:58:52] RDP: failed login attempt from 51.195.131.239 for user USUARIO01
[I] [2021-03-05 00:58:54] RDP: failed login attempt from 51.195.131.239 for user USUARIO01
[I] [2021-03-05 01:00:53] Successfully unblocked 193.57.40.8 
[I] [2021-03-05 01:00:57] RDP: failed login attempt from 51.195.131.239 for user USUARIO01
[I] [2021-03-05 01:00:57] 51.195.131.239 blocked
[I] [2021-03-05 01:00:59] RDP: failed login attempt from 51.195.131.239 for user USUARIO01
[I] [2021-03-05 01:34:42] RDP: failed login attempt from 103.118.157.23 for user FTP
[I] [2021-03-05 01:34:42] 103.118.157.23 blocked
[I] [2021-03-05 01:51:30] Successfully unblocked 193.46.254.205 
[I] [2021-03-05 02:12:58] Successfully unblocked 110.185.106.209 
[I] [2021-03-05 02:40:38] Successfully unblocked 185.202.2.21 
[I] [2021-03-05 02:55:50] RDP: failed login attempt from 220.133.33.239 for user [Unknown]
[I] [2021-03-05 03:09:33] RDP: failed login attempt from 220.133.33.239 for user [Unknown]
[I] [2021-03-05 03:09:53] Successfully unblocked 193.57.40.9 
[I] [2021-03-05 03:19:44] RDP: failed login attempt from 135.181.208.40 for user ADMINISTRADOR
[I] [2021-03-05 03:19:56] RDP: failed login attempt from 135.181.208.40 for user ADMINISTRADOR
[I] [2021-03-05 03:20:20] RDP: failed login attempt from 135.181.208.40 for user [Unknown]
[I] [2021-03-05 03:20:20] 135.181.208.40 blocked
[I] [2021-03-05 03:23:27] RDP: failed login attempt from 220.133.33.239 for user [Unknown]
[I] [2021-03-05 03:23:27] 220.133.33.239 blocked
[I] [2021-03-05 03:23:51] RDP: failed login attempt from 135.181.208.41 for user ADMINISTRADOR
[I] [2021-03-05 03:23:53] RDP: failed login attempt from 135.181.208.41 for user ADMINISTRADOR
[I] [2021-03-05 03:23:59] RDP: failed login attempt from 135.181.208.41 for user ADMINISTRADOR
[I] [2021-03-05 03:23:59] 135.181.208.41 blocked
[I] [2021-03-05 03:59:57] RDP: failed login attempt from 185.202.1.122 for user Test
[I] [2021-03-05 04:00:07] RDP: failed login attempt from 172.26.0.9 for user Test
[I] [2021-03-05 04:00:07] 172.26.0.9 is whitelisted. Skipped.
[I] [2021-03-05 04:00:09] RDP: failed login attempt from 185.202.1.122 for user [Unknown]
[I] [2021-03-05 04:07:16] RDP: failed login attempt from 94.232.47.180 for user Administrator
[I] [2021-03-05 04:07:20] RDP: failed login attempt from 94.232.47.180 for user Administrator
[I] [2021-03-05 04:07:22] RDP: failed login attempt from 94.232.47.180 for user Administrator
[I] [2021-03-05 04:07:22] 94.232.47.180 blocked
[I] [2021-03-05 04:39:46] RDP: failed login attempt from 31.184.194.180 for user SAPADMIN
[I] [2021-03-05 04:39:46] 31.184.194.180 blocked
[I] [2021-03-05 04:52:18] RDP: failed login attempt from 185.202.1.122 for user Administrator
[I] [2021-03-05 04:52:18] 185.202.1.122 blocked
[I] [2021-03-05 04:52:20] RDP: failed login attempt from 185.202.1.122 for user Administrator
[I] [2021-03-05 05:17:21] RDP: failed login attempt from 135.181.177.162 for user ADMINISTRADOR
[I] [2021-03-05 05:17:31] RDP: failed login attempt from 135.181.177.162 for user ADMINISTRADOR
[I] [2021-03-05 05:17:40] RDP: failed login attempt from 135.181.177.162 for user [Unknown]
[I] [2021-03-05 05:17:41] 135.181.177.162 blocked
[I] [2021-03-05 05:19:15] RDP: failed login attempt from 193.57.40.9 for user Administrator
[I] [2021-03-05 05:21:04] RDP: failed login attempt from 193.57.40.9 for user Administrator
[I] [2021-03-05 05:21:08] RDP: failed login attempt from 193.57.40.9 for user Administrator
[I] [2021-03-05 05:21:08] 193.57.40.9 blocked
[I] [2021-03-05 05:22:25] RDP: failed login attempt from 135.181.166.16 for user ADMINISTRADOR
[I] [2021-03-05 05:22:40] RDP: failed login attempt from 135.181.166.16 for user [Unknown]
[I] [2021-03-05 05:22:48] RDP: failed login attempt from 135.181.166.16 for user ADMINISTRADOR
[I] [2021-03-05 05:22:49] 135.181.166.16 blocked
[I] [2021-03-05 05:22:50] RDP: failed login attempt from 135.181.166.16 for user ADMINISTRADOR
[I] [2021-03-05 05:23:29] RDP: failed login attempt from 45.227.255.115 for user Administrator
[I] [2021-03-05 05:23:31] RDP: failed login attempt from 45.227.255.115 for user Administrator
[I] [2021-03-05 05:23:33] RDP: failed login attempt from 45.227.255.115 for user Administrator
[I] [2021-03-05 05:23:33] RDP: failed login attempt from 45.227.255.115 for user [Unknown]
[I] [2021-03-05 05:23:33] 45.227.255.115 blocked
[I] [2021-03-05 05:23:35] RDP: failed login attempt from 45.227.255.115 for user Administrator
[I] [2021-03-05 05:23:38] RDP: failed login attempt from 45.227.255.115 for user [Unknown]
[I] [2021-03-05 05:51:05] Successfully unblocked 193.57.40.68 
[I] [2021-03-05 05:53:22] Successfully unblocked 110.38.56.68 
[I] [2021-03-05 05:57:06] Successfully unblocked 185.202.1.123 
[I] [2021-03-05 06:03:22] RDP::2k1216Engine worker thread stopped
[I] [2021-03-05 06:03:22] RDP::2k1216Engine worker thread started
[I] [2021-03-05 06:04:47] Successfully unblocked 177.130.51.200 
[I] [2021-03-05 06:32:08] RDP: failed login attempt from 87.251.70.4 for user ADMINISTRATOR
[I] [2021-03-05 06:32:24] RDP: failed login attempt from 87.251.70.4 for user ADMIN
[I] [2021-03-05 06:32:42] RDP: failed login attempt from 87.251.70.4 for user ADMINISTRATOR
[I] [2021-03-05 06:32:43] 87.251.70.4 blocked
[I] [2021-03-05 06:40:27] Successfully unblocked 193.57.40.10 
[I] [2021-03-05 06:49:51] Successfully unblocked 94.232.47.130 
[I] [2021-03-05 07:53:26] RDP: failed login attempt from 59.173.241.166 for user [Unknown]
[I] [2021-03-05 07:54:54] RDP: failed login attempt from 59.173.241.166 for user [Unknown]
[I] [2021-03-05 07:55:16] RDP: failed login attempt from 218.60.2.31 for user ADMINISTRATOR
[I] [2021-03-05 07:56:33] RDP: failed login attempt from 59.173.241.166 for user АДМИН
[I] [2021-03-05 07:56:33] 59.173.241.166 blocked
[I] [2021-03-05 07:57:07] RDP: failed login attempt from 111.50.1.135 for user ADMINISTRATOR
[I] [2021-03-05 07:58:01] RDP: failed login attempt from 218.60.2.31 for user [Unknown]
[I] [2021-03-05 07:58:32] RDP: failed login attempt from 111.50.1.135 for user [Unknown]
[I] [2021-03-05 07:58:45] RDP: failed login attempt from 217.12.116.210 for user ADMINISTRATOR
[I] [2021-03-05 07:59:53] RDP: failed login attempt from 111.50.1.135 for user ADMINISTRATOR
[I] [2021-03-05 07:59:54] 111.50.1.135 blocked
[I] [2021-03-05 08:00:47] RDP: failed login attempt from 218.60.2.31 for user [Unknown]
[I] [2021-03-05 08:00:47] 218.60.2.31 blocked
[I] [2021-03-05 08:02:23] RDP: failed login attempt from 217.12.116.210 for user [Unknown]
[I] [2021-03-05 08:03:20] RDP: failed login attempt from 218.60.3.31 for user USER1
[I] [2021-03-05 08:03:52] RDP: failed login attempt from 194.26.29.10 for user admin
[I] [2021-03-05 08:03:54] RDP: failed login attempt from 194.26.29.10 for user admin
[I] [2021-03-05 08:03:56] RDP: failed login attempt from 194.26.29.10 for user admin
[I] [2021-03-05 08:03:57] 194.26.29.10 blocked
[I] [2021-03-05 08:03:58] RDP: failed login attempt from 194.26.29.10 for user admin
[I] [2021-03-05 08:06:51] RDP: failed login attempt from 111.20.201.86 for user ADMINISTRATOR
[I] [2021-03-05 08:08:17] RDP: failed login attempt from 218.60.3.31 for user [Unknown]
[I] [2021-03-05 08:12:57] RDP: failed login attempt from 218.60.3.31 for user [Unknown]
[I] [2021-03-05 08:12:57] 218.60.3.31 blocked
[I] [2021-03-05 13:18:37] RDP: failed login attempt from 94.232.41.39 for user HASSAN
[I] [2021-03-05 13:18:39] RDP: failed login attempt from 94.232.44.217 for user HR01
[I] [2021-03-05 13:18:51] RDP: failed login attempt from 94.232.44.214 for user JENNY
[I] [2021-03-05 13:18:55] RDP: failed login attempt from 94.232.41.30 for user RAJESH
[I] [2021-03-05 13:19:11] RDP: failed login attempt from 94.232.44.218 for user PAUL
[I] [2021-03-05 13:19:13] RDP: failed login attempt from 94.232.41.30 for user FEDEXUSER
[I] [2021-03-05 13:19:21] RDP: failed login attempt from 94.232.44.219 for user CONFERENCE
[I] [2021-03-05 13:19:29] RDP: failed login attempt from 94.232.44.217 for user COMPRAS
[I] [2021-03-05 13:19:33] RDP: failed login attempt from 94.232.44.216 for user FERNANDA
[I] [2021-03-05 13:19:39] RDP: failed login attempt from 94.232.44.217 for user REMOTO3
[I] [2021-03-05 13:19:39] 94.232.44.217 blocked
[I] [2021-03-05 13:19:43] RDP: failed login attempt from 94.232.41.39 for user OSCAR
[I] [2021-03-05 13:19:45] RDP: failed login attempt from 94.232.44.216 for user BRENDA
[I] [2021-03-05 13:19:46] 94.232.44.216 blocked
[I] [2021-03-05 13:19:47] RDP: failed login attempt from 94.232.41.39 for user TECH1
[I] [2021-03-05 13:19:48] 94.232.41.39 blocked
[I] [2021-03-05 13:20:05] RDP: failed login attempt from 94.232.44.215 for user DANNY
[I] [2021-03-05 13:20:07] RDP: failed login attempt from 94.232.41.29 for user CACHE
[I] [2021-03-05 13:20:11] RDP: failed login attempt from 94.232.44.214 for user CONTA
[I] [2021-03-05 13:20:12] 94.232.44.214 blocked
[I] [2021-03-05 13:20:15] RDP: failed login attempt from 94.232.41.28 for user SHAUN
[I] [2021-03-05 13:20:17] RDP: failed login attempt from 94.232.41.30 for user SAP
[I] [2021-03-05 13:20:18] 94.232.41.30 blocked
[I] [2021-03-05 13:20:28] RDP: failed login attempt from 94.232.41.26 for user RICOH
[I] [2021-03-05 13:20:40] RDP: failed login attempt from 94.232.41.26 for user RITA
[I] [2021-03-05 13:20:44] RDP: failed login attempt from 94.232.41.29 for user SISTEMA
[I] [2021-03-05 13:20:54] RDP: failed login attempt from 94.232.41.28 for user CAMILA
[I] [2021-03-05 13:21:00] RDP: failed login attempt from 94.232.44.219 for user MARCIO
[I] [2021-03-05 13:21:04] RDP: failed login attempt from 94.232.41.29 for user DAVID
[I] [2021-03-05 13:21:04] 94.232.41.29 blocked
[I] [2021-03-05 13:21:10] RDP: failed login attempt from 94.232.41.28 for user MANDY
[I] [2021-03-05 13:21:10] 94.232.41.28 blocked
[I] [2021-03-05 13:21:12] RDP: failed login attempt from 94.232.44.218 for user ADMINVDC
[I] [2021-03-05 13:21:26] RDP: failed login attempt from 94.232.44.219 for user ADRIANA
[I] [2021-03-05 13:21:26] 94.232.44.219 blocked
[I] [2021-03-05 13:21:28] RDP: failed login attempt from 94.232.44.215 for user SERVICE
[I] [2021-03-05 13:21:42] RDP: failed login attempt from 94.232.44.215 for user TINA
[I] [2021-03-05 13:21:42] 94.232.44.215 blocked
[I] [2021-03-05 13:21:58] RDP: failed login attempt from 87.251.75.98 for user administrator
[I] [2021-03-05 13:22:00] RDP: failed login attempt from 87.251.75.98 for user administrator
[I] [2021-03-05 13:22:00] RDP: failed login attempt from 87.251.75.98 for user [Unknown]
[I] [2021-03-05 13:22:00] 87.251.75.98 blocked
[I] [2021-03-05 13:22:02] RDP: failed login attempt from 94.232.44.218 for user AGENT
[I] [2021-03-05 13:22:02] RDP: failed login attempt from 87.251.75.98 for user [Unknown]
[I] [2021-03-05 13:22:02] 94.232.44.218 blocked
[I] [2021-03-05 13:22:06] RDP: failed login attempt from 87.251.75.98 for user administrator
[I] [2021-03-05 13:22:08] RDP: failed login attempt from 94.232.41.36 for user SALESFORCE
[I] [2021-03-05 13:22:15] RDP: failed login attempt from 94.232.41.26 for user [Unknown]
[I] [2021-03-05 13:22:16] 94.232.41.26 blocked
[I] [2021-03-05 13:23:02] RDP: failed login attempt from 94.232.46.236 for user administrator
[I] [2021-03-05 13:23:04] RDP: failed login attempt from 94.232.46.236 for user administrator
[I] [2021-03-05 13:23:04] RDP: failed login attempt from 94.232.46.236 for user [Unknown]
[I] [2021-03-05 13:23:04] 94.232.46.236 blocked
[I] [2021-03-05 13:23:06] RDP: failed login attempt from 94.232.46.236 for user administrator
[I] [2021-03-05 13:23:32] RDP: failed login attempt from 94.232.41.38 for user PDA2
[I] [2021-03-05 13:23:36] RDP: failed login attempt from 94.232.41.37 for user GUEST01
[I] [2021-03-05 13:23:40] RDP: failed login attempt from 94.232.41.36 for user [Unknown]
[I] [2021-03-05 13:25:32] RDP: failed login attempt from 94.232.41.36 for user MANOJ
[I] [2021-03-05 13:25:33] 94.232.41.36 blocked
[I] [2021-03-05 13:25:53] RDP: failed login attempt from 94.232.41.38 for user GABRIEL
[I] [2021-03-05 13:26:05] RDP: failed login attempt from 94.232.41.37 for user BRIAN
[I] [2021-03-05 13:26:09] RDP: failed login attempt from 94.232.41.37 for user TEMP
[I] [2021-03-05 13:26:09] 94.232.41.37 blocked
[I] [2021-03-05 13:26:11] RDP: failed login attempt from 94.232.41.38 for user REZA
[I] [2021-03-05 13:26:11] 94.232.41.38 blocked
[I] [2021-03-05 13:31:11] RDP: failed login attempt from 94.232.46.237 for user administrator
[I] [2021-03-05 13:44:45] RDP: failed login attempt from 94.232.42.21 for user SHORTCUTS
[I] [2021-03-05 13:46:56] RDP: failed login attempt from 94.232.42.21 for user REPORTS
[I] [2021-03-05 13:47:06] RDP: failed login attempt from 94.232.42.20 for user TUSER
[I] [2021-03-05 13:47:14] RDP: failed login attempt from 94.232.42.21 for user PAYROLL
[I] [2021-03-05 13:47:14] 94.232.42.21 blocked
[I] [2021-03-05 13:47:16] RDP: failed login attempt from 94.232.42.15 for user IT
[I] [2021-03-05 13:47:46] RDP: failed login attempt from 94.232.43.6 for user ADMIN2
[I] [2021-03-05 13:47:50] RDP: failed login attempt from 94.232.42.17 for user OFFICER
[I] [2021-03-05 13:47:50] RDP: failed login attempt from 94.232.42.15 for user [Unknown]
[I] [2021-03-05 13:47:52] RDP: failed login attempt from 94.232.43.19 for user ANDY
[I] [2021-03-05 13:48:18] RDP: failed login attempt from 94.232.42.20 for user TIM
[I] [2021-03-05 13:48:30] RDP: failed login attempt from 94.232.42.70 for user ASISTENTE
[I] [2021-03-05 13:48:36] RDP: failed login attempt from 94.232.43.6 for user PUBLICO
[I] [2021-03-05 13:48:42] RDP: failed login attempt from 94.232.42.17 for user CARLOS
[I] [2021-03-05 13:48:54] RDP: failed login attempt from 94.232.43.9 for user LOCALADMIN
[I] [2021-03-05 13:48:56] RDP: failed login attempt from 94.232.42.20 for user 700
[I] [2021-03-05 13:48:56] 94.232.42.20 blocked
[I] [2021-03-05 13:48:58] RDP: failed login attempt from 94.232.42.15 for user MANAGER
[I] [2021-03-05 13:48:58] 94.232.42.15 blocked
[I] [2021-03-05 13:49:04] RDP: failed login attempt from 94.232.42.17 for user TS
[I] [2021-03-05 13:49:05] 94.232.42.17 blocked
[I] [2021-03-05 13:49:18] RDP: failed login attempt from 94.232.43.15 for user VENTAS3
[I] [2021-03-05 13:49:24] RDP: failed login attempt from 94.232.43.19 for user PRAXIS
[I] [2021-03-05 13:49:30] RDP: failed login attempt from 94.232.43.19 for user KATHY
[I] [2021-03-05 13:49:30] 94.232.43.19 blocked
[I] [2021-03-05 13:49:36] RDP: failed login attempt from 94.232.42.28 for user ACC2
[I] [2021-03-05 13:49:46] RDP: failed login attempt from 94.232.42.70 for user LAPTOP
[I] [2021-03-05 13:49:51] RDP: failed login attempt from 94.232.42.70 for user TIMECLOCK
[I] [2021-03-05 13:49:51] 94.232.42.70 blocked
[I] [2021-03-05 13:50:12] RDP: failed login attempt from 94.232.43.6 for user [Unknown]
[I] [2021-03-05 13:50:12] 94.232.43.6 blocked
[I] [2021-03-05 13:50:20] RDP: failed login attempt from 94.232.43.9 for user SUPPORT
[I] [2021-03-05 13:51:06] RDP: failed login attempt from 94.232.43.9 for user [Unknown]
[I] [2021-03-05 13:51:06] 94.232.43.9 blocked
[I] [2021-03-05 13:51:16] RDP: failed login attempt from 94.232.43.15 for user AGENDA
[I] [2021-03-05 13:51:42] RDP: failed login attempt from 94.232.43.15 for user 1
[I] [2021-03-05 13:51:43] 94.232.43.15 blocked
[I] [2021-03-05 13:51:48] RDP: failed login attempt from 94.232.42.28 for user NINA
[I] [2021-03-05 13:51:57] RDP: failed login attempt from 94.232.42.28 for user BLUEPRINT
[I] [2021-03-05 13:51:57] 94.232.42.28 blocked
[I] [2021-03-05 13:54:52] RDP: failed login attempt from 94.232.43.24 for user SONIA
[I] [2021-03-05 13:55:16] RDP: failed login attempt from 94.232.42.77 for user BRYAN
[I] [2021-03-05 13:55:24] RDP: failed login attempt from 94.232.42.76 for user MICHELLE
[I] [2021-03-05 13:55:56] RDP: failed login attempt from 94.232.42.78 for user SAM
[I] [2021-03-05 13:56:02] RDP: failed login attempt from 94.232.42.75 for user [Unknown]
[I] [2021-03-05 13:56:13] RDP: failed login attempt from 94.232.42.73 for user [Unknown]
[I] [2021-03-05 13:56:17] RDP: failed login attempt from 94.232.42.80 for user MICHEL
[I] [2021-03-05 13:56:26] RDP: failed login attempt from 185.202.2.101 for user administrator
[I] [2021-03-05 13:56:26] 185.202.2.101 blocked
[I] [2021-03-05 13:56:28] RDP: failed login attempt from 185.202.2.101 for user administrator
[I] [2021-03-05 13:56:37] RDP: failed login attempt from 94.232.42.74 for user [Unknown]
[I] [2021-03-05 13:56:39] RDP: failed login attempt from 94.232.42.72 for user PUBLIC
[I] [2021-03-05 14:00:14] RDP: failed login attempt from 94.232.46.221 for user [Unknown]
[I] [2021-03-05 14:00:14] 94.232.46.221 blocked
[I] [2021-03-05 14:01:41] RDP: failed login attempt from 94.232.42.87 for user CHRIS
[I] [2021-03-05 14:02:57] RDP: failed login attempt from 94.232.42.88 for user SHIPPING
[I] [2021-03-05 14:03:01] RDP: failed login attempt from 94.232.42.89 for user MAHMOUD
[I] [2021-03-05 14:03:19] RDP: failed login attempt from 94.232.42.84 for user GHOST
[I] [2021-03-05 14:03:23] RDP: failed login attempt from 94.232.42.85 for user [Unknown]
[I] [2021-03-05 14:03:33] RDP: failed login attempt from 94.232.43.25 for user KIOSK
[I] [2021-03-05 14:03:43] RDP: failed login attempt from 94.232.42.92 for user TEST123
[I] [2021-03-05 14:04:44] RDP: failed login attempt from 94.232.42.90 for user EDGAR
[I] [2021-03-05 14:05:02] RDP: failed login attempt from 94.232.42.86 for user ACCOUNTANT
[I] [2021-03-05 14:05:16] RDP: failed login attempt from 94.232.43.26 for user FTPUSER
[I] [2021-03-05 14:05:28] RDP: failed login attempt from 94.232.42.81 for user COMPTA
[I] [2021-03-05 14:06:55] Successfully unblocked 185.202.2.130 
[I] [2021-03-05 14:08:38] Successfully unblocked 193.57.40.12 
[I] [2021-03-05 14:09:16] RDP: failed login attempt from 94.232.42.82 for user ROWRITER
[I] [2021-03-05 14:20:41] Successfully unblocked 54.36.128.146 
[I] [2021-03-05 14:22:05] RDP: failed login attempt from 94.232.46.237 for user administrator
[I] [2021-03-05 14:24:29] Successfully unblocked 46.161.27.44 
[I] [2021-03-05 14:31:58] RDP: failed login attempt from 94.232.47.130 for user Test
[I] [2021-03-05 14:32:03] RDP: failed login attempt from 94.232.47.130 for user [Unknown]
[I] [2021-03-05 14:45:51] RDP: failed login attempt from 94.232.43.24 for user SONIA
[I] [2021-03-05 14:46:18] RDP: failed login attempt from 94.232.42.76 for user MICHELLE
[I] [2021-03-05 14:46:26] RDP: failed login attempt from 94.232.42.77 for user BRYAN
[I] [2021-03-05 14:46:26] 94.232.42.77 blocked
[I] [2021-03-05 14:47:04] RDP: failed login attempt from 94.232.42.78 for user SAM
[I] [2021-03-05 14:47:04] 94.232.42.78 blocked
[I] [2021-03-05 14:47:10] RDP: failed login attempt from 94.232.42.75 for user THIAGO
[I] [2021-03-05 14:47:10] 94.232.42.75 blocked
[I] [2021-03-05 14:47:28] RDP: failed login attempt from 94.232.42.73 for user ALI
[I] [2021-03-05 14:47:28] 94.232.42.73 blocked
[I] [2021-03-05 14:47:42] RDP: failed login attempt from 94.232.42.80 for user MICHEL
[I] [2021-03-05 14:47:58] RDP: failed login attempt from 94.232.42.74 for user SHOP
[I] [2021-03-05 14:47:59] 94.232.42.74 blocked
[I] [2021-03-05 14:48:10] RDP: failed login attempt from 94.232.42.72 for user PUBLIC
[I] [2021-03-05 14:48:11] 94.232.42.72 blocked
[I] [2021-03-05 14:49:43] RDP: failed login attempt from 94.232.46.237 for user [Unknown]
[I] [2021-03-05 14:49:43] 94.232.46.237 blocked
[I] [2021-03-05 14:50:41] RDP: failed login attempt from 103.99.0.39 for user ADMINISTRATOR
[I] [2021-03-05 14:53:55] RDP: failed login attempt from 94.232.42.87 for user CHRIS
[I] [2021-03-05 14:53:55] 94.232.42.87 blocked
[I] [2021-03-05 14:55:33] RDP: failed login attempt from 94.232.42.89 for user MAHMOUD
[I] [2021-03-05 14:55:34] 94.232.42.89 blocked
[I] [2021-03-05 14:55:35] RDP: failed login attempt from 94.232.42.88 for user SHIPPING
[I] [2021-03-05 14:55:36] 94.232.42.88 blocked
[I] [2021-03-05 14:55:55] RDP: failed login attempt from 94.232.42.84 for user [Unknown]
[I] [2021-03-05 14:56:01] RDP: failed login attempt from 94.232.43.25 for user KIOSK
[I] [2021-03-05 14:56:01] RDP: failed login attempt from 94.232.42.85 for user [Unknown]
[I] [2021-03-05 14:56:01] 94.232.42.85 blocked
[I] [2021-03-05 14:56:01] 94.232.43.25 blocked
[I] [2021-03-05 14:56:31] RDP: failed login attempt from 94.232.42.92 for user TEST123
[I] [2021-03-05 14:56:31] 94.232.42.92 blocked
[I] [2021-03-05 14:57:05] RDP: failed login attempt from 94.232.46.241 for user administrator
[I] [2021-03-05 14:57:07] RDP: failed login attempt from 94.232.46.241 for user administrator
[I] [2021-03-05 14:57:09] RDP: failed login attempt from 172.26.0.9 for user administrator
[I] [2021-03-05 14:57:09] 172.26.0.9 is whitelisted. Skipped.
[I] [2021-03-05 14:57:09] RDP: failed login attempt from 94.232.46.241 for user [Unknown]
[I] [2021-03-05 14:57:09] 94.232.46.241 blocked
[I] [2021-03-05 14:57:11] RDP: failed login attempt from 94.232.46.241 for user administrator
[I] [2021-03-05 14:57:11] RDP: failed login attempt from 94.232.46.241 for user [Unknown]
[I] [2021-03-05 14:57:42] RDP: failed login attempt from 94.232.42.90 for user [Unknown]
[I] [2021-03-05 14:57:43] 94.232.42.90 blocked
[I] [2021-03-05 14:58:09] RDP: failed login attempt from 94.232.42.86 for user ACCOUNTANT
[I] [2021-03-05 14:58:09] 94.232.42.86 blocked
[I] [2021-03-05 14:58:31] RDP: failed login attempt from 94.232.43.26 for user FTPUSER
[I] [2021-03-05 14:58:59] RDP: failed login attempt from 94.232.42.81 for user COMPTA
[I] [2021-03-05 15:05:16] RDP: failed login attempt from 94.232.42.82 for user ROWRITER
[I] [2021-03-05 15:05:16] 94.232.42.82 blocked
[I] [2021-03-05 15:17:47] RDP: failed login attempt from 87.251.75.94 for user administrator
[I] [2021-03-05 15:17:49] RDP: failed login attempt from 87.251.75.94 for user administrator
[I] [2021-03-05 15:17:51] RDP: failed login attempt from 87.251.75.94 for user administrator
[I] [2021-03-05 15:17:52] 87.251.75.94 blocked
[I] [2021-03-05 15:17:53] RDP: failed login attempt from 87.251.75.94 for user administrator
[I] [2021-03-05 15:17:55] RDP: failed login attempt from 87.251.75.94 for user test
[I] [2021-03-05 15:30:06] Successfully unblocked 94.232.40.49 
[I] [2021-03-05 15:30:16] RDP: failed login attempt from 94.232.40.49 for user [Unknown]
[I] [2021-03-05 15:30:18] RDP: failed login attempt from 94.232.40.49 for user sinergiak
[I] [2021-03-05 15:30:20] RDP: failed login attempt from 94.232.40.49 for user garajel
[I] [2021-03-05 15:30:20] 94.232.40.49 blocked
[I] [2021-03-05 15:30:36] RDP: failed login attempt from 94.232.43.24 for user SONIA
[I] [2021-03-05 15:30:37] 94.232.43.24 blocked
[I] [2021-03-05 15:30:57] RDP: failed login attempt from 94.232.42.76 for user MICHELLE
[I] [2021-03-05 15:30:57] 94.232.42.76 blocked
[I] [2021-03-05 15:32:35] RDP: failed login attempt from 94.232.42.80 for user MICHEL
[I] [2021-03-05 15:32:36] 94.232.42.80 blocked
[I] [2021-03-05 15:39:36] RDP: failed login attempt from 94.232.42.84 for user GHOST
[I] [2021-03-05 15:39:37] 94.232.42.84 blocked
[I] [2021-03-05 15:42:20] RDP: failed login attempt from 94.232.43.26 for user FTPUSER
[I] [2021-03-05 15:42:20] 94.232.43.26 blocked
[I] [2021-03-05 15:42:58] RDP: failed login attempt from 94.232.42.81 for user COMPTA
[I] [2021-03-05 15:42:58] 94.232.42.81 blocked
[I] [2021-03-05 15:56:02] RDP: failed login attempt from 157.245.65.159 for user [Unknown]
[I] [2021-03-05 15:56:54] RDP: failed login attempt from 193.142.146.217 for user [Unknown]
[I] [2021-03-05 15:57:26] RDP: failed login attempt from 193.142.146.217 for user HIGHLAND
[I] [2021-03-05 15:58:04] RDP: failed login attempt from 193.142.146.217 for user [Unknown]
[I] [2021-03-05 15:58:04] 193.142.146.217 blocked
[I] [2021-03-05 16:02:38] Successfully unblocked 139.60.160.164 
[I] [2021-03-05 16:04:13] Successfully unblocked 104.167.12.58 
[I] [2021-03-05 16:04:32] RDP: failed login attempt from 193.57.40.10 for user [Unknown]
[I] [2021-03-05 16:04:40] RDP: failed login attempt from 193.57.40.10 for user Administrator
[I] [2021-03-05 16:04:42] RDP: failed login attempt from 193.57.40.10 for user Administrator
[I] [2021-03-05 16:04:42] 193.57.40.10 blocked
[I] [2021-03-05 16:04:44] RDP: failed login attempt from 193.57.40.10 for user Administrator
[I] [2021-03-05 16:04:52] RDP: failed login attempt from 104.167.12.58 for user ADMINISTRADOR
[I] [2021-03-05 16:05:51] RDP: failed login attempt from 104.167.12.58 for user ADMINISTRATOR
[I] [2021-03-05 16:06:49] RDP: failed login attempt from 104.167.12.58 for user ADMINISTRADOR
[I] [2021-03-05 16:06:50] 104.167.12.58 blocked
[I] [2021-03-05 16:07:57] Successfully unblocked 193.169.255.186 
[I] [2021-03-05 16:14:06] RDP: failed login attempt from 5.253.84.217 for user [Unknown]
[I] [2021-03-05 16:14:42] RDP: failed login attempt from 5.253.84.217 for user [Unknown]
[I] [2021-03-05 16:15:20] RDP: failed login attempt from 5.253.84.217 for user ADMINISTRATEUR
[I] [2021-03-05 16:15:20] 5.253.84.217 blocked
[I] [2021-03-05 16:21:37] RDP: failed login attempt from 103.99.0.39 for user ADMINISTRATOR
[I] [2021-03-05 16:24:34] RDP: failed login attempt from 85.93.20.10 for user Administrator
[I] [2021-03-05 16:28:32] Successfully unblocked 203.159.172.22 
[I] [2021-03-05 16:29:53] Successfully unblocked 80.58.132.9 
[I] [2021-03-05 16:30:08] RDP: failed login attempt from 203.159.172.22 for user [Unknown]
[I] [2021-03-05 16:38:20] RDP: failed login attempt from 203.159.172.22 for user ADMINISTRADOR
[I] [2021-03-05 16:39:41] Successfully unblocked 163.172.127.47 
[I] [2021-03-05 16:45:59] Successfully unblocked 188.152.249.200 
[I] [2021-03-05 16:46:35] RDP: failed login attempt from 203.159.172.22 for user ADMINISTRADOR
[I] [2021-03-05 16:46:35] 203.159.172.22 blocked
[I] [2021-03-05 16:46:47] Successfully unblocked 194.224.169.252 
[I] [2021-03-05 16:47:09] Successfully unblocked 173.249.53.3 
[I] [2021-03-05 16:47:29] Successfully unblocked 185.228.124.24 
[I] [2021-03-05 16:54:40] Successfully unblocked 2.136.115.164 
[I] [2021-03-05 16:56:23] Successfully unblocked 46.27.29.112 
[I] [2021-03-05 16:58:34] Successfully unblocked 5.188.67.190 
[I] [2021-03-05 17:01:06] Successfully unblocked 213.220.220.50 
[I] [2021-03-05 17:02:57] Successfully unblocked 79.6.211.106 
[I] [2021-03-05 17:03:21] RDP: failed login attempt from 85.93.20.10 for user Administrator
[I] [2021-03-05 17:03:23] RDP: failed login attempt from 85.93.20.10 for user [Unknown]
[I] [2021-03-05 17:03:23] 85.93.20.10 blocked
[I] [2021-03-05 17:04:22] Successfully unblocked 185.202.1.43 
[I] [2021-03-05 17:04:31] Successfully unblocked 75.129.134.130 
[I] [2021-03-05 17:07:23] Successfully unblocked 141.255.251.87 
[I] [2021-03-05 17:08:13] Successfully unblocked 89.250.82.36 
[I] [2021-03-05 17:08:29] Successfully unblocked 80.55.34.139 
[I] [2021-03-05 17:09:48] Successfully unblocked 85.62.153.211 
[I] [2021-03-05 17:10:43] Successfully unblocked 91.116.139.68 
[I] [2021-03-05 17:12:16] Successfully unblocked 95.213.169.228 
[I] [2021-03-05 17:23:22] Successfully unblocked 45.146.164.61 
[I] [2021-03-05 17:28:20] RDP: failed login attempt from 45.155.205.215 for user Install
[I] [2021-03-05 17:28:22] RDP: failed login attempt from 45.155.205.215 for user Reception
[I] [2021-03-05 17:28:24] RDP: failed login attempt from 45.155.205.215 for user Install
[I] [2021-03-05 17:28:24] 45.155.205.215 blocked
[I] [2021-03-05 17:28:26] RDP: failed login attempt from 45.155.205.215 for user Temp
[I] [2021-03-05 17:28:28] RDP: failed login attempt from 45.155.205.215 for user Scanner
[I] [2021-03-05 17:58:29] Successfully unblocked 185.202.1.81 
[I] [2021-03-05 18:02:45] RDP: failed login attempt from 87.251.75.95 for user administrator
[I] [2021-03-05 18:02:47] RDP: failed login attempt from 87.251.75.95 for user administrator
[I] [2021-03-05 18:02:49] RDP: failed login attempt from 87.251.75.95 for user administrator
[I] [2021-03-05 18:02:49] 87.251.75.95 blocked
[I] [2021-03-05 18:02:51] RDP: failed login attempt from 87.251.75.95 for user administrator
[I] [2021-03-05 18:05:04] RDP: failed login attempt from 103.116.105.56 for user ADMINISTRATOR
[I] [2021-03-05 18:09:16] RDP: failed login attempt from 103.116.105.56 for user ADMIN
[I] [2021-03-05 18:09:57] Successfully unblocked 62.12.108.113 
[I] [2021-03-05 18:13:37] RDP: failed login attempt from 103.116.105.56 for user [Unknown]
[I] [2021-03-05 18:13:38] 103.116.105.56 blocked
[I] [2021-03-05 18:23:49] Successfully unblocked 60.2.128.198 
[I] [2021-03-05 18:37:40] Successfully unblocked 138.201.201.17 
[I] [2021-03-05 18:38:30] RDP: failed login attempt from 12.159.253.133 for user SUPPORT
[I] [2021-03-05 18:38:44] RDP: failed login attempt from 138.201.201.17 for user HALIMA
[I] [2021-03-05 18:39:53] RDP: failed login attempt from 221.148.35.72 for user ADMINISTRATOR
[I] [2021-03-05 18:40:33] RDP: failed login attempt from 138.201.201.17 for user KASSANDRA
[I] [2021-03-05 18:42:20] RDP: failed login attempt from 138.201.201.17 for user [Unknown]
[I] [2021-03-05 18:42:20] 138.201.201.17 blocked
[I] [2021-03-05 18:48:58] Successfully unblocked 86.34.186.218 
[I] [2021-03-05 18:52:36] Successfully unblocked 36.250.11.6 
[I] [2021-03-05 18:55:23] RDP: failed login attempt from 221.148.35.72 for user ADMINISTRATOR
[I] [2021-03-05 19:01:43] Successfully unblocked 212.237.43.68 
[I] [2021-03-05 19:08:55] RDP: failed login attempt from 221.148.35.72 for user [Unknown]
[I] [2021-03-05 19:08:56] 221.148.35.72 blocked
[I] [2021-03-05 19:17:43] RDP: failed login attempt from 182.253.19.202 for user ADMINISTRATOR
[I] [2021-03-05 19:20:28] Successfully unblocked 62.197.235.125 
[I] [2021-03-05 19:20:34] RDP: failed login attempt from 182.253.19.202 for user ADMIN
[I] [2021-03-05 19:21:43] RDP: failed login attempt from 193.57.40.12 for user Administrator
[I] [2021-03-05 19:21:47] RDP: failed login attempt from 193.57.40.12 for user Administrator
[I] [2021-03-05 19:21:52] RDP: failed login attempt from 193.57.40.12 for user Administrator
[I] [2021-03-05 19:21:52] RDP: failed login attempt from 193.57.40.12 for user [Unknown]
[I] [2021-03-05 19:21:52] 193.57.40.12 blocked
[I] [2021-03-05 19:21:54] RDP: failed login attempt from 193.57.40.12 for user Administrator
[I] [2021-03-05 19:21:54] RDP: failed login attempt from 193.57.40.12 for user [Unknown]
[I] [2021-03-05 19:23:32] RDP: failed login attempt from 182.253.19.202 for user [Unknown]
[I] [2021-03-05 19:23:32] 182.253.19.202 blocked
[I] [2021-03-05 19:32:43] RDP: failed login attempt from 94.232.47.130 for user Administrator
[I] [2021-03-05 19:32:43] RDP: failed login attempt from 94.232.47.130 for user [Unknown]
[I] [2021-03-05 19:32:43] RDP: failed login attempt from 94.232.47.130 for user [Unknown]
[I] [2021-03-05 19:32:43] 94.232.47.130 blocked
[I] [2021-03-05 19:36:11] Successfully unblocked 210.13.253.248 
[I] [2021-03-05 19:40:35] Successfully unblocked 122.143.116.198 
[I] [2021-03-05 19:45:57] RDP: failed login attempt from 221.178.239.200 for user ADMINISTRATOR
[I] [2021-03-05 19:46:13] RDP: failed login attempt from 118.180.214.5 for user ADMINISTRATOR
[I] [2021-03-05 19:51:33] RDP: failed login attempt from 39.165.231.61 for user [Unknown]
[I] [2021-03-05 19:53:47] Successfully unblocked 89.101.94.162 
[I] [2021-03-05 19:56:27] RDP: failed login attempt from 111.19.129.38 for user ADMINISTRATOR
[I] [2021-03-05 19:58:52] RDP: failed login attempt from 203.205.32.184 for user ADMINISTRATOR
[I] [2021-03-05 20:01:23] RDP: failed login attempt from 113.28.71.229 for user ADMINISTRATOR
[I] [2021-03-05 20:06:01] RDP: failed login attempt from 86.34.186.218 for user 12345
[I] [2021-03-05 20:06:17] RDP: failed login attempt from 124.116.171.30 for user ADMINISTRATOR
[I] [2021-03-05 20:14:18] RDP: failed login attempt from 51.159.92.95 for user [Unknown]
[I] [2021-03-05 20:20:03] RDP: failed login attempt from 39.165.231.61 for user ADMIN
[I] [2021-03-05 20:20:57] RDP: failed login attempt from 51.159.92.95 for user ADMINISTRATOR
[I] [2021-03-05 20:24:15] RDP: failed login attempt from 111.19.129.38 for user ADMINISTRATOR
[I] [2021-03-05 20:24:41] RDP: failed login attempt from 51.159.92.95 for user ADMINISTRATOR
[I] [2021-03-05 20:24:41] 51.159.92.95 blocked
[I] [2021-03-05 20:25:21] RDP: failed login attempt from 203.205.32.184 for user ADMINISTRATOR
[I] [2021-03-05 20:25:47] RDP: failed login attempt from 113.28.71.229 for user GUEST
[I] [2021-03-05 20:30:51] Successfully unblocked 218.189.86.210 
[I] [2021-03-05 20:35:20] RDP: failed login attempt from 118.180.214.5 for user ADMINISTRATOR
[I] [2021-03-05 20:35:28] RDP: failed login attempt from 221.178.239.200 for user ADMINISTRATOR
[I] [2021-03-05 20:37:00] RDP: failed login attempt from 89.101.94.162 for user ADMINISTRADOR
[I] [2021-03-05 20:42:30] RDP: failed login attempt from 89.248.165.23 for user [Unknown]
[I] [2021-03-05 20:46:10] RDP: failed login attempt from 221.182.55.91 for user ADMINISTRATOR
[I] [2021-03-05 20:47:04] RDP: failed login attempt from 113.28.71.229 for user GUEST
[I] [2021-03-05 20:47:05] 113.28.71.229 blocked
[I] [2021-03-05 20:48:37] RDP: failed login attempt from 111.19.129.38 for user [Unknown]
[I] [2021-03-05 20:48:37] 111.19.129.38 blocked
[I] [2021-03-05 20:49:53] RDP: failed login attempt from 39.165.231.61 for user [Unknown]
[I] [2021-03-05 20:49:53] 39.165.231.61 blocked
[I] [2021-03-05 20:51:54] RDP: failed login attempt from 203.205.32.184 for user ADMINISTRATOR
[I] [2021-03-05 20:51:54] 203.205.32.184 blocked
[I] [2021-03-05 20:56:03] RDP: failed login attempt from 190.145.12.158 for user ADMINISTRATOR
[I] [2021-03-05 21:04:37] RDP: failed login attempt from 190.145.12.158 for user ADMINISTRATOR
[I] [2021-03-05 21:07:42] RDP: failed login attempt from 185.56.80.222 for user [Unknown]
[I] [2021-03-05 21:07:46] RDP: failed login attempt from 185.56.80.222 for user owner
[I] [2021-03-05 21:07:54] RDP: failed login attempt from 185.56.80.222 for user [Unknown]
[I] [2021-03-05 21:07:54] 185.56.80.222 blocked
[I] [2021-03-05 21:08:18] RDP: failed login attempt from 203.79.181.201 for user ADMINISTRADOR
[I] [2021-03-05 21:11:47] Successfully unblocked 185.202.1.124 
[I] [2021-03-05 21:12:10] RDP: failed login attempt from 124.116.171.30 for user ADMINISTRATOR
[I] [2021-03-05 21:13:12] RDP: failed login attempt from 190.145.12.158 for user ADMINISTRATOR
[I] [2021-03-05 21:13:12] 190.145.12.158 blocked
[I] [2021-03-05 21:15:11] RDP: failed login attempt from 86.34.186.218 for user [Unknown]
[I] [2021-03-05 21:18:26] RDP: failed login attempt from 89.248.165.23 for user ADMIN
[I] [2021-03-05 21:21:31] RDP: failed login attempt from 203.79.181.201 for user ADMINISTRADOR
[I] [2021-03-05 21:21:45] RDP: failed login attempt from 221.182.55.91 for user ADMINISTRATOR
[I] [2021-03-05 21:24:16] RDP: failed login attempt from 118.180.214.5 for user ADMINISTRATOR
[I] [2021-03-05 21:24:16] 118.180.214.5 blocked
[I] [2021-03-05 21:28:22] RDP: failed login attempt from 221.182.55.91 for user ADMINISTRATOR
[I] [2021-03-05 21:28:22] 221.182.55.91 blocked
[I] [2021-03-05 21:34:47] RDP: failed login attempt from 203.79.181.201 for user [Unknown]
[I] [2021-03-05 21:34:48] 203.79.181.201 blocked
[I] [2021-03-05 21:34:49] Successfully unblocked 94.232.47.160 
[I] [2021-03-05 21:38:48] RDP: failed login attempt from 89.101.94.162 for user ADMINISTRADOR
[I] [2021-03-05 21:50:54] Successfully unblocked 91.220.163.150 
[I] [2021-03-05 21:53:59] RDP: failed login attempt from 12.159.253.133 for user SUPPORT
[I] [2021-03-05 21:56:16] RDP: failed login attempt from 89.248.165.23 for user GUEST
[I] [2021-03-05 21:56:16] 89.248.165.23 blocked
[I] [2021-03-05 21:57:14] RDP: failed login attempt from 221.178.239.200 for user [Unknown]
[I] [2021-03-05 21:57:14] 221.178.239.200 blocked
[I] [2021-03-05 22:02:42] RDP: failed login attempt from 190.85.1.131 for user ADMIN
[I] [2021-03-05 22:03:31] RDP: failed login attempt from 187.157.165.86 for user ADMINISTRADORES
[I] [2021-03-05 22:03:39] RDP: failed login attempt from 190.85.1.131 for user ADMINISTRATOR
[I] [2021-03-05 22:04:25] RDP: failed login attempt from 190.119.227.211 for user ADMINISTRADOR
[I] [2021-03-05 22:04:35] RDP: failed login attempt from 190.85.1.131 for user [Unknown]
[I] [2021-03-05 22:04:35] 190.85.1.131 blocked
[I] [2021-03-05 22:04:41] RDP: failed login attempt from 187.157.165.86 for user ADMINISTRADORES
[I] [2021-03-05 22:05:29] RDP: failed login attempt from 190.119.227.211 for user ADMINISTRADOR
[I] [2021-03-05 22:05:51] RDP: failed login attempt from 187.157.165.86 for user ADMINISTRADORES
[I] [2021-03-05 22:05:52] 187.157.165.86 blocked
[I] [2021-03-05 22:06:08] RDP: failed login attempt from 95.47.90.128 for user ALEJANDRO
[I] [2021-03-05 22:06:32] RDP: failed login attempt from 95.47.90.128 for user HECTOR
[I] [2021-03-05 22:06:38] RDP: failed login attempt from 190.119.227.211 for user ADMINISTRADOR
[I] [2021-03-05 22:06:38] 190.119.227.211 blocked
[I] [2021-03-05 22:06:46] RDP: failed login attempt from 95.47.90.128 for user PATRICIO
[I] [2021-03-05 22:06:46] 95.47.90.128 blocked
[I] [2021-03-05 22:07:42] RDP: failed login attempt from 124.116.171.30 for user [Unknown]
[I] [2021-03-05 22:07:42] 124.116.171.30 blocked
[I] [2021-03-05 22:08:32] RDP: failed login attempt from 167.250.205.178 for user RECEPSION
[I] [2021-03-05 22:08:52] RDP: failed login attempt from 178.124.197.166 for user DEPOSITO
[I] [2021-03-05 22:09:39] RDP: failed login attempt from 200.36.168.228 for user ADMINISTRACION
[I] [2021-03-05 22:09:47] RDP: failed login attempt from 167.250.205.178 for user RECEPSION
[I] [2021-03-05 22:09:50] RDP: failed login attempt from 178.124.197.166 for user [Unknown]
[I] [2021-03-05 22:10:39] RDP: failed login attempt from 200.36.168.228 for user ADMINISTRACION
[I] [2021-03-05 22:10:45] RDP: failed login attempt from 178.124.197.166 for user DEPOSITO
[I] [2021-03-05 22:10:45] 178.124.197.166 blocked
[I] [2021-03-05 22:11:01] RDP: failed login attempt from 167.250.205.178 for user RECEPSION
[I] [2021-03-05 22:11:01] 167.250.205.178 blocked
[I] [2021-03-05 22:11:09] RDP: failed login attempt from 189.176.185.166 for user CUENTAS
[I] [2021-03-05 22:11:23] RDP: failed login attempt from 200.95.237.138 for user FRANCISCO
[I] [2021-03-05 22:11:43] RDP: failed login attempt from 200.36.168.228 for user ADMINISTRACION
[I] [2021-03-05 22:11:43] 200.36.168.228 blocked
[I] [2021-03-05 22:12:07] RDP: failed login attempt from 172.26.0.9 for user RICARDO
[I] [2021-03-05 22:12:07] 172.26.0.9 is whitelisted. Skipped.
[I] [2021-03-05 22:12:09] RDP: failed login attempt from 161.132.196.200 for user MIGUEL
[I] [2021-03-05 22:12:09] RDP: failed login attempt from 152.0.81.13 for user [Unknown]
[I] [2021-03-05 22:12:21] RDP: failed login attempt from 200.95.237.138 for user FRANCISCO
[I] [2021-03-05 22:12:39] RDP: failed login attempt from 189.176.185.166 for user [Unknown]
[I] [2021-03-05 22:13:03] RDP: failed login attempt from 152.0.81.13 for user JAVIER
[I] [2021-03-05 22:13:11] RDP: failed login attempt from 161.132.196.200 for user MIGUEL
[I] [2021-03-05 22:13:23] RDP: failed login attempt from 200.95.237.138 for user FRANCISCO
[I] [2021-03-05 22:13:24] 200.95.237.138 blocked
[I] [2021-03-05 22:13:33] RDP: failed login attempt from 152.0.81.179 for user JORGE
[I] [2021-03-05 22:13:58] RDP: failed login attempt from 152.0.81.13 for user ROSA
[I] [2021-03-05 22:13:58] 152.0.81.13 blocked
[I] [2021-03-05 22:14:05] RDP: failed login attempt from 189.176.185.166 for user [Unknown]
[I] [2021-03-05 22:14:06] 189.176.185.166 blocked
[I] [2021-03-05 22:14:17] RDP: failed login attempt from 161.132.196.200 for user MIGUEL
[I] [2021-03-05 22:14:17] 161.132.196.200 blocked
[I] [2021-03-05 22:14:31] RDP: failed login attempt from 152.0.81.179 for user JORGE
[I] [2021-03-05 22:15:30] RDP: failed login attempt from 152.0.81.179 for user JORGE
[I] [2021-03-05 22:15:30] 152.0.81.179 blocked
[I] [2021-03-05 22:17:11] RDP: failed login attempt from 14.207.144.122 for user [Unknown]
[I] [2021-03-05 22:17:38] RDP: failed login attempt from 14.207.144.122 for user ADMINISTRADOR
[I] [2021-03-05 22:17:46] RDP: failed login attempt from 14.207.144.122 for user BODEGA1
[I] [2021-03-05 22:17:47] 14.207.144.122 blocked
[I] [2021-03-05 22:25:56] RDP: failed login attempt from 86.34.186.218 for user COMPUTER
[I] [2021-03-05 22:25:56] 86.34.186.218 blocked
[I] [2021-03-05 22:32:44] Successfully unblocked 90.173.102.30 
[I] [2021-03-05 22:39:52] RDP: failed login attempt from 89.101.94.162 for user ADMINISTRADOR
[I] [2021-03-05 22:39:52] 89.101.94.162 blocked
[I] [2021-03-05 23:08:48] RDP: failed login attempt from 94.232.46.243 for user administrator
[I] [2021-03-05 23:08:48] RDP: failed login attempt from 94.232.46.243 for user [Unknown]
[I] [2021-03-05 23:08:50] RDP: failed login attempt from 94.232.46.243 for user administrator
[I] [2021-03-05 23:08:51] 94.232.46.243 blocked
[I] [2021-03-05 23:08:54] RDP: failed login attempt from 94.232.46.243 for user [Unknown]
[I] [2021-03-05 23:18:53] Successfully unblocked 194.26.29.13 
[I] [2021-03-05 23:20:39] Successfully unblocked 45.141.87.9 
[I] [2021-03-05 23:22:56] Successfully unblocked 194.26.29.15 
[I] [2021-03-05 23:34:51] RDP: failed login attempt from 217.126.191.222 for user 0007
[I] [2021-03-05 23:36:08] RDP: failed login attempt from 217.126.191.222 for user AGORASERVICE
[I] [2021-03-05 23:37:30] RDP: failed login attempt from 217.126.191.222 for user [Unknown]
[I] [2021-03-05 23:37:30] 217.126.191.222 blocked
[I] [2021-03-05 23:40:33] Successfully unblocked 194.26.29.182 
[I] [2021-03-05 23:41:20] Successfully unblocked 89.248.168.92 
[I] [2021-03-05 23:48:35] Successfully unblocked 3.10.217.158 
[I] [2021-03-05 23:49:39] Successfully unblocked 112.13.203.22 

This one interests me!!! ... Let's analyze it
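One way to analyze a log like the excerpt above (an added example, not part of the original slides). The sample lines are constructed in the excerpt's format, and the names `analyse` and `findings` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the excerpt's format (203.0.113.7 is a documentation address).
SAMPLE = """\
[I] [2021-03-05 22:04:25] RDP: failed login attempt from 203.0.113.7 for user ADMINISTRADOR
[I] [2021-03-05 22:05:29] RDP: failed login attempt from 203.0.113.7 for user ADMIN
[I] [2021-03-05 22:06:38] RDP: failed login attempt from 203.0.113.7 for user [Unknown]
[I] [2021-03-05 22:06:38] 203.0.113.7 blocked
[I] [2021-03-05 22:06:41] RDP: failed login attempt from 203.0.113.7 for user GUEST
[I] [2021-03-05 22:12:07] RDP: failed login attempt from 172.26.0.9 for user RICARDO
[I] [2021-03-05 22:12:07] 172.26.0.9 is whitelisted. Skipped.
"""

LINE = re.compile(r"^\[\w\] \[([\d\- :]{19})\] (.*?)\s*$")
FAILED = re.compile(r"^RDP: failed login attempt from (\S+) for user (.+)$")
BLOCKED = re.compile(r"^(\S+) blocked$")
WHITELISTED = re.compile(r"^(\S+) is whitelisted\. Skipped\.$")

def analyse(text):
    """Correlate failures, blocks and whitelist skips per source address."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "blocked_at": None,
                                 "after_block": 0, "whitelisted": False})
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue  # not a line in this log's format
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        if f := FAILED.match(m[2]):
            s = stats[f[1]]
            s["failures"] += 1
            s["users"].add(f[2])
            if s["blocked_at"] is not None and ts > s["blocked_at"]:
                s["after_block"] += 1  # attempt still logged after the block
        elif b := BLOCKED.match(m[2]):
            stats[b[1]]["blocked_at"] = ts
        elif w := WHITELISTED.match(m[2]):
            stats[w[1]]["whitelisted"] = True
    return dict(stats)

def findings(stats):
    """Points an auditor would follow up, as (address, reason) pairs."""
    out = []
    for ip, s in sorted(stats.items()):
        if s["whitelisted"] and s["failures"]:
            out.append((ip, "whitelisted source with failed logins"))
        if s["after_block"]:
            out.append((ip, "attempts logged after block"))
    return out
```

Both conditions appear in the excerpt itself: 172.26.0.9 is skipped as whitelisted after a failed login for RICARDO, and 94.232.46.243 logs another attempt at 23:08:54, three seconds after being blocked.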

logs

traceability

VPN

VPN

DC1

DC2

TS

apps

DA

DNS

files

VPN log

security log

server logs (DCs/DA)

logs

traceability

com

servers

apps (...)

?

logs

traceability

SIEM

Security Information and Event Management

SIEM

traceability

Elasticsearch

QRadar

Logica

Splunk

Sumo Logic

...

AlienVault

SIEM

SIEM

traceability

probes/sensors/agents

Collector/ETL: receives logs, JSON, ...; transforms and adapts them

Core: analyzes, searches, correlates and stores all events

Visualizer: generates views, dashboards and reports

Microsoft RDP

VPN

VPN

DC1

DC2

TS

apps

DA

DNS

files

traceability

SIEM

traceability

demo

PRTG

SIEM

CARMEN

SIEM

traceability

CARMEN

traceability

Carmen is a solution developed to identify the compromise of an organization's network by advanced persistent threats (APTs). In this respect, it is the first Spanish capability, based on national knowledge and technology.

The tool's acquisition and analysis capabilities cover the main channels these threats use to communicate with the outside (web browsing, DNS queries and e-mail), as well as the various internal communication mechanisms within the compromised network.

remote access

M3

videoconferencing

VC

remote access

VC

remote access

VC

remote access

end-to-end encryption

with a local app or browser only

take care when sending files

be careful when opening links from the chat

files from videoconferences may remain in the vendor's cloud

remote access

M3

Review of recommendations

CCN: remote access

remote access

M3

remote access

M3

QUESTIONS

Thanks

IT audit course. Remote access. Day 4

By YBK


IT audit course. Remote access. Module 3. Day 4
