RE: 25 logon attempts per minute for hours - what is going on?
- From: v-jochen@xxxxxxxxxxxxxxxxxxxx (John Chen [MSFT])
- Date: Fri, 24 Feb 2006 08:17:54 GMT
Hello,
Thank you for posting.
Event 100 indicates that a user wants to logon to FTPSvc but fails due to a
wrong user name or bad password. The events are hackneyed. According to my
experience, two reasons may cause this high occurrence of Event 100:
1. Clients attempt to logon with the wrong user name or password
continually.
2. Your server has been attacked as Owen said.
You can perform the test mentioned by Owen. On the other hand, if the FTP
server is not necessary for you, I suggest you disable the FTP Publishing
Service on the server. It will prevent your server from FTP related
attacks. If you are using FTP service now, I need an MPS report for further
research. To collect the MPS report, please follow these steps:
1. Access the following URL:
<http://www.microsoft.com/downloads/details.aspx?familyid=cebf3c7c-7ca5-408f
-88b7-f9c79b7306c0&displaylang=en>
2. Download MPSRPT_Alliance_X86.EXE and execute the exe file.
3. Please send the result file (CAB file) to me at v-jochen@xxxxxxxxxxxxxx
Sincerely,
John Chen, MCSE, MCSA, MCDBA, MCSD
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: RE: Problems with fax on sbs2003
- Next by Date: Outlook 2003 Default E-Mail Account
- Previous by thread: Re: 25 logon attempts per minute for hours - what is going on?
- Next by thread: News Flash - Swing Project Lives Again
- Index(es):
Relevant Pages
|
