Deciphering Event Log ID 529 Audit Failure
Q:
We have a small network (fewer than 50 workstations), and I notice in the Security Event Logs of each workstation there will usually be several audit failures. For example:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 3/30/2009
Time: 8:19:25 AM
User: NT AUTHORITY\SYSTEM
Computer: [ComputerName]
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: [UserName]
Domain: [ComputerName]
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: [ComputerName]

Seeing several of these events normally would make me think that this was an intrusion attempt, but I am dubious because some of the login failures appear to originate from my own machine at a time when I am using it. I have certainly never tried to break into another computer on the network (especially since I have my own admin account on all of them). It also seems to be random as to which computer the failure originates from. I wonder whether it is possible that some software installed on the machines is scanning the network. Maybe Windows is sending out requests that are denied access by other machines. I have even thought that maybe incorrectly entered user names and passwords from legitimate login attempts are somehow propagating throughout the network.

Is this something common among Windows networks? If so, how do you tell the difference between regular network noise and intrusion attempts?

My network specs:
Peer-to-peer network (no domain or Active Directory)
DNS server uses Windows 2003 R2
Workstations all use Windows XP
ASKED: Mar 30 2009  8:06 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
There is likely some "shared" resource - printer, folder, etc. - in the background to which the machine is trying to keep a persistent connection open. This can cause account lockouts too if there is a username in the domain matching one present on the local computer.

See the following articles for more information on tracking down these login attempts:

http://support.microsoft.com/kb/109626
http://technet.microsoft.com/en-us/library/cc738772.aspx
Last Answered: Mar 30 2009  8:27 PM GMT by Labnuke99   26290 pts.
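
An added example (not part of the original thread and not the answerer's code) of one way to separate the background pattern described in the answer from failures worth investigating: it parses 529 records exported as text in the layout shown in the question and summarises them per source workstation. The host names, account names, the `many_users` threshold and the classification heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Logon Type codes as documented by Microsoft for Windows logon events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}
FIELD = re.compile(r"^[ \t]*(Event ID|User Name|Logon Type|Logon Process|"
                   r"Workstation Name):[ \t]*(.*?)[ \t]*$", re.M)

def parse_529(text):
    """Return one dict of fields per Event ID 529 record in exported log text."""
    text = text.replace("\r\n", "\n")  # tolerate Windows line endings
    records = re.split(r"(?m)^(?=Event Type:)", text)
    parsed = [dict(FIELD.findall(r)) for r in records]
    return [p for p in parsed if p.get("Event ID") == "529"]

def triage(events, many_users=3):
    """Summarise failures per source workstation.

    Assumed heuristic (not from the page): one account failing repeatedly
    from one source looks like a stale saved credential; many different
    account names from one source deserves a closer look.
    """
    by_source = defaultdict(list)
    for e in events:
        by_source[e.get("Workstation Name", "?").upper()].append(e)
    report = {}
    for source, evs in by_source.items():
        users = {e.get("User Name", "").lower() for e in evs}
        types = {LOGON_TYPES.get(int(e["Logon Type"]), e["Logon Type"])
                 for e in evs if e.get("Logon Type", "").isdigit()}
        report[source] = {
            "failures": len(evs),
            "users": sorted(users),
            "logon_types": sorted(types),
            "pattern": "many-usernames" if len(users) >= many_users
                       else "repeated-same-account",
        }
    return report

# Constructed sample records (hypothetical hosts and accounts), including
# one non-529 record that the parser must skip.
TEMPLATE = ("Event Type: Failure Audit\nEvent ID: {0}\nDescription:\n"
            "Logon Failure:\n\tUser Name: {1}\n\tLogon Type: {2}\n"
            "\tLogon Process: {3}\n\tWorkstation Name: {4}\n\n")
ROWS = [("529", "jsmith", 3, "NtLmSsp", "WS-01")] * 3 + [
    ("529", name, 3, "NtLmSsp", "WS-07") for name in ("admin", "guest", "backup", "test")
] + [("529", "jsmith", 2, "Advapi", "WS-01"), ("528", "jsmith", 3, "NtLmSsp", "WS-01")]
SAMPLE = "".join(TEMPLATE.format(*row) for row in ROWS)

if __name__ == "__main__":
    for source, summary in triage(parse_529(SAMPLE)).items():
        print(source, summary)
```

Run against the combined Security log exports of several workstations, the per-source summary shows which machine each failing account name comes from, which is the starting point for finding the mapped drive, printer or service behind it.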