Need Help

From: "buc" <buc@xxxxxxx>
Date: Fri, 3 Aug 2007 09:27:43 -0500

I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
looking through the security events audit. I noticed a large number of
FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
service. These audits have various logon user names like PETER, APPLE, ROOT,
LISA, MASTER, DOG and other random names. It has the sourceworkstation = the
computer name of my server, and it has an error code of 0xC0000064. I am
concerned. This happens for about a minute and stops during certain days.
What is this? Is it an inside or outside hijack. What can this do? Can it
control the computer.
Thanks
BUC

.

Prev by Date: Re: Cant install any software from a netwwork drive.
Next by Date: Re: Run Application as a service
Previous by thread: Re: Is it posible to close open or unneeded ports
Next by thread: Re: How to map a network drive whithout anybody logged
Index(es):
- Date
- Thread

Relevant Pages

Re: Web server Security Issue
... looking through the security events audit. ... FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\ ... These audits have various logon user names like PETER, APPLE, ROOT, ... control the computer. ...
(microsoft.public.inetserver.iis.security)
Re: Need Help
... looking through the security events audit. ... These audits have various logon user names like PETER, APPLE, ... and it has an error code of 0xC0000064. ... this means you have exposed authentication interfaces ...
(microsoft.public.windows.server.security)
Web server Security Issue
... I have set up WEB server to host a site. ... looking through the security events audit. ... FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\ ...
(microsoft.public.inetserver.iis.security)