Is someone hacking our server?
From: MBD (MBD_at_discussions.microsoft.com)
Date: 03/06/05
- Next message: northwindccohio: "Re: Reopen from 2/4/2005"
- Previous message: Pat Coleman: "Re: Song of the Week - March 5, 2005"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 6 Mar 2005 08:57:01 -0800
This morning (and every so often) I read this in the security log:
Logon Failure:
Reason: Unknown user name or bad password
User Name: connect
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SBSSERVER
Caller User Name: HILLSIDESERVER$
Caller Domain: OURDOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1632
Transited Services: -
Source Network Address: -
Source Port: -
There was no one in the building when this event occurred. Our firewall
blocks everything except port 25 (SMTP mail). Was this a hacking attempt?
Was it from the outside or inside?
Thanks,
MBD
- Next message: northwindccohio: "Re: Reopen from 2/4/2005"
- Previous message: Pat Coleman: "Re: Song of the Week - March 5, 2005"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Is someone hacking our server?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
