I have a SQL Server 2008 Enterprise R2 installation, and a client accesses it using TOAD for SQL Server across a VPN. All he has to do is load his copy of TOAD while on the VPN (doesn’t even have to connect to my database server), and my SQL Server box is immediately flooded (seen via the Security Event Log) with failed NTLM lgoin attempts from the computer that is running TOAD, all on different ports, which continues once a second until TOAD exits. I have seen nothing on the net that relates to this yet. TOAD has been uninstalled and re-installed, so a virus is doubtful, and it definitely occurs when TOAD starts, and stops when TOAD exits.
Has anyone seen a problem like this, or can anyone give me a place to look to rectify this situation? I know I can use another query analyzer instead of TOAD, but the point here is to use TOAD without having these issues with security on my SQL Server box.