I have a pool of about a dozen netware 6.5.6 servers and, on two of
them, I am constantly getting a strange intruder lockout message. It
doesn't give me a userid. Only the full context. Neither does it give
the mac address of the intruder. It basically says...

Intruder Lockout on account .MIS.GCO

....where .MIS is the OU and .GCO is the O. Could this be a case of
someone trying to log in without populating the userid box in their
client. It's happening too frequent for me to envision that as a viable
explanation. Any other ideas?