I have a 6.5 SP5 server at the school system central office that
repeatedly turns on the yellow or red light in NRM stating that I have
had an excessive amount of failed logins attempted. The username
associated with the failed login is either "cn=admin.xx.xx.x"
or "ou=servers.xx.xx.x". Is ther something other that someone trying to
hack the server that causes this error? I have 42 other schools and I am
not seeing any login attempts from those schools. I had 243 attempts
from different IP address in 2 minute. How do I catch this guy?

Thanks for your help,