We have two domains which we administer each on totally different subnets.
Users on each of their respective domains have no cross-domain access.
In the past few weeks we have been noticing random NT user sessions on three
SQL servers on Domain 'A'. The sessions are coming from 3 users on Domain
'B' who are developers and administer SQL servers on Domain 'B'. Their
sessions on the Domain 'A' servers seemingly start and stop within 15 minutes
according to login events shown on the Domain 'A' server Security Event
Viewer. The sessions never show any files that are being accessed. Each of
the users' PCs is Windows 2000 Pro SP2 and the servers are Windows 2003
SP1.
I went to each of the PCs to examine what processes are running, drive
mappings, host files, etc. but could not find anything unusual. I also went
to a command line and verified that the servers on Domain 'A' could not be
resolved or accessed via host name or IP address. I also looked in the ARP
table, Routing table, and performed NSLOOKUP tests. Lastly, I did a NBTSTAT
-RR and -R on each of the machines. The NATs on the routers have been checked
with no mix-up on names or IP addresses that may allude to an issue.
Does anyone have suggestions on what else I can try to see what's going on
here? There is no apparent malicious activity going on... it's just the fact
that there appears to be a 'hole' that certainly needs to be filled.
Thanks in advance,
Pcolaboy