Re: Thousands of Failed logon audits
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Apr 2007 17:40:10 -0400
Is FTP running on the SBS server or ports 20, 21 forwarded from the router
to the server ?
--
Merv Porter [SBS-MVP]
============================
"Darran" <Darran@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2FF1A559-31C6-4AA8-8B9B-9F73E5599912@xxxxxxxxxxxxxxxx
Evening, I am running SBS2003 and checking my security log I have
discovered
thousands of failed logon records. They all look as though it is coming
from
something within the server rather than an attack from the outside. The
details are:
Logon Failure:
Reason: Unknown user name or bad password
User Name: admin
Domain: SAMANDDARRAN
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: EVO
Caller User Name: EVO$
Caller Domain: SAMANDDARRAN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 648
Transited Services: -
Source Network Address: -
Source Port: -
The username on the whole is either admin or administrator but I did not
at
the bottom it seemed to try every known name beginning with 'A' (aaron,
aron,
abby etc..). This has only occured for the last 3 days or so and not all
today but it is concerning. Whether it is relevant or not but each machine
that logs onto the network pauses for approx 2 mins or so on the 'Applying
personal Settings' stage.. could be relevant, could not.
Any suggestions?
Thank you very much in advance.
.
- Prev by Date: Re: REgedit problem
- Next by Date: Re: Thousands of Failed logon audits
- Previous by thread: REgedit problem
- Next by thread: Re: Thousands of Failed logon audits
- Index(es):
Relevant Pages
|
Loading
