I am having an issue of what seems to be unauthorized access to a server and would like to direct you to the images below.
From the event log viewer I am seeing there is a login type of 10 (which research shows me is a remote login). Yet the source of the login is the local machine with a source IP of 127.0.0.1
.
Secondly my Wireshark capture is showing traffic from localhost
to localhost
with random usernames. Could I please be directed to where/how I could stop this and probably also find out how a remote login has a source IP of localhost
.