Re: Unidentified Invalid Logons in Security Log
- From: "Geoff Davis" <usenetgroups@xxxxxxxxxxx>
- Date: 11 Apr 2007 12:56:48 -0700
On 11 Apr, 20:46, "Geoff Davis" <usenetgro...@xxxxxxxxxxx> wrote:
On 11 Apr, 13:31, v-ja...@xxxxxxxxxxxxxxxxxxxx ("Jacky Luo [MSFT]")
wrote:
Hi Geoff,
Thanks for posting back.
because the info exists, you can ask the user whether he access network
source by OWA,RWW,shared folder on server, if not,may someone try his
password,then you should enforce the strong password policy and make sure
passwords are well managed throughout your network.
If the event is sporadic,not frequent, It is likely that the user enter the
wrong password himself. you can just ignore the event. and you can keep an
eye on this event,to see how often it is.
In the security log,you can check the source network address to identify
the client
Furthermore,I have not received your email,please send to me at
v-ja...@xxxxxxxxxxxxx
%systemroot%\System32\config\SecEvent.Evt,please compress the file and send
to me at v-ja...@xxxxxxxxxxxxx
Have a nice day!
Best regards,
Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! -www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting
from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.
We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
====================================================
Jacky
Thanks for the further response.
The user Info only exists to catch email addressed to info@...
No one actually uses the info account. If I could ask the user I
would. As you said in your previous reply this is definetly an
attack, The same Security Log Error is occuring repetatively at randon
time intervals and at least 3 per hour and have been doing so for at
least the last 7 days. As you can see from the error message in my
original post there is no source network address.
I originally sent the email to ....@xxxxxxxxxxxxx but your 'profile'
says it is ....@xxxxxxxxxxxxxxxxxxxx so I have sent it again to the
latter.
Regards
Geoff Davis- Hide quoted text -
- Show quoted text -
Jacky
Email to ...online.microsoft.com has bounced back as "Host unknown
(Name server: online.microsoft.com"
I will send it again to the microsoft.com address
Geoff
.
- Follow-Ups:
- Re: Unidentified Invalid Logons in Security Log
- From: "Jacky Luo [MSFT]"
- Re: Unidentified Invalid Logons in Security Log
- References:
- Unidentified Invalid Logons in Security Log
- From: Geoff Davis
- Re: Unidentified Invalid Logons in Security Log
- From: Geoff Davis
- Re: Unidentified Invalid Logons in Security Log
- From: "Jacky Luo [MSFT]"
- Re: Unidentified Invalid Logons in Security Log
- From: Geoff Davis
- Unidentified Invalid Logons in Security Log
- Prev by Date: Re: POP3 Schedule
- Next by Date: Re: How do you set your IMF?
- Previous by thread: Re: Unidentified Invalid Logons in Security Log
- Next by thread: Re: Unidentified Invalid Logons in Security Log
- Index(es):
Relevant Pages
|
