Re: 529 Logon Failures - 138 Events
- From: Owen Williams [SBS MVP] <Owen@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2007 10:22:50 -0400
In article <767D318D-FF00-40BD-9E12-607A3ECF40BF@xxxxxxxxxxxxx>,
MikeG@xxxxxxxxxxxxxxxxxxxxxxxxx says...
Sounds like the same hacker was snooping around one of my clients. This
morning's Server Performance Report showed exactly 138 Event 529.
Investigation indicates an automated probe trying various first names
(***, Jane, etc.) for account name.
As Henry says, as long as you have a good password policy you should be
fine. The hacker will most likely move on. I also use <first initial>
<last name> naming convention at most of my clients which makes it
harder to match an account name.
-- Owen Williams (SBS MVP)
My Server Security Log recorded (138) 529 logon failure events during a 15-
minute interval. One failure about every 6-7 seconds. The user names were male
and female first names.
Is there a way to trace this to the source to find out who is doing this?
Also, is there a way to lock out the intruder? A sample of the event follows.
Thanking you in advance for your help.
Security 529 2/20/2005 7:27 PM 24 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: crack
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: domain
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1828
Transited Services: -
Source Network Address: -
Source Port: -
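
Added example, not part of the original thread: Python that parses 529 records exported as text in the layout quoted above, finds the densest 15-minute window, and groups the failures by Logon Process and Caller Process ID, the fields that remain for tracing when Source Network Address is "-". The function names, the threshold and the sample records (other than the user name "crack") are assumptions constructed for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

HEADER = re.compile(r"^Security 529 (\d+/\d+/\d+ \d+:\d+ [AP]M)", re.M)
FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$", re.M)

def parse_529(text):
    """Split an exported log into 529 records: one dict of fields per event."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        rec = {k.strip(): v.strip() for k, v in FIELD.findall(text[h.end():end])}
        rec["time"] = datetime.strptime(h.group(1), "%m/%d/%Y %I:%M %p")
        events.append(rec)
    return events

def summarize(events, window=timedelta(minutes=15), threshold=20):
    """Flag a guessing burst and report the fields that can still lead to a source."""
    events = sorted(events, key=lambda e: e["time"])
    worst, start = 0, 0
    for end, ev in enumerate(events):  # sliding window over sorted timestamps
        while ev["time"] - events[start]["time"] > window:
            start += 1
        worst = max(worst, end - start + 1)
    return {
        "max_in_window": worst,
        "burst": worst >= threshold,
        "distinct_users": len({e.get("User Name", "").lower() for e in events}),
        "no_source_address": sum(e.get("Source Network Address", "-") == "-" for e in events),
        "by_caller": Counter((e.get("Logon Process"), e.get("Caller Process ID")) for e in events),
    }

# Constructed sample in the quoted layout; times and names other than "crack" are made up.
TEMPLATE = """Security 529 2/20/2005 {t} PM 24 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: {u}
Domain:
Logon Type: 3
Logon Process: Advapi
Caller Process ID: 1828
Source Network Address: -
"""
SAMPLE = "".join(TEMPLATE.format(t=t, u=u) for t, u in
                 [("7:27", "crack"), ("7:27", "jane"), ("7:28", "john"), ("7:45", "mary")])
if __name__ == "__main__":
    print(summarize(parse_529(SAMPLE), threshold=3))
```

When every record lacks a source address, the `by_caller` counts point at the local process that handled the logon requests, and that process's own log is the next place to look for the remote address.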