Weird Windows logon attempts

Hi All,

We have just setup ntsyslog from sourceforge.net. Our security policy is to log events on failure and we have just started seeing the below events. After talking with the users we are pretty sure that they are not attempting to access the services. And they don't have accounts on that system.

Has anyone seen this? They are 2k/XP boxes. Does Windows 2k/XP automagically try to find out what services are accessible? Any insight would be great.

The username has been changed to USERNAME to protect, the hopefully, innocent.

Thanks,
Harry

Feb 22 13:27:49 exchange.auckland.ac.nz/exchange.auckland.ac.nz security[failure] 681 NT AUTHORITY\SYSTEM The logon to account: USERNAME by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: G731-220-4 failed. The error code was: 3221225572
Feb 22 13:27:49 exchange.auckland.ac.nz/exchange.auckland.ac.nz security[failure] 681 NT AUTHORITY\SYSTEM The logon to account: USERNAME by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: G731-220-4 failed. The error code was: 3221225572

-- 
Harry Hoffman
ITSS Systems Team Leader
University of Auckland
hhoffman@auckland.ac.nz
hhoffman@ip-solutions.net
STANDARD DISCLAIMER:

**********************************************

*This universe shipped by weight, not volume.*

*Some expansion may have occured in shipping.*


*********************************************




-------------------------------------------------
This mail sent through IpSolutions: 
http://www.ip-solutions.net/

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core