Re: Event ID 529 Question
- From: "Siv" <g@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Mar 2008 13:13:41 -0000
Teneo,
Your idea worked, I am now getting IP Addresses and can start blocking the little sods!
Thanks.
Siv
"Teneo" <not@xxxxxxxx> wrote in message news:%23YKTSzudIHA.4144@xxxxxxxxxxxxxxxxxxxxxxx
Hi Siv
we are seeing these also. Im pretty sure its to do with hacking attempt on port 25
Switch on logging on your default smtp server, need to click properties / advanced to tick options require ( I tick them all...lol )
Then in windows\system32\logfiles will see SMTPSVC1
Here you can look up the time and see the IP and if have ISA can block the IP.
Hope it helps.
"Siv" <g@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F2B333D5-B641-4F6C-8337-1E8897B03974@xxxxxxxxxxxxxxxxJust lately I have been seeing this in the event logs:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Mickey
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER01
Caller User Name: SERVER01$
Caller Domain: DIRECT
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1608
Transited Services: -
Source Network Address: -
Source Port: -
There is no "Mickey" user on our network, so it worries me that we have a hacker trying to get in using brute force logins as this occurred 45 times. Usually when you get this you see a source port and source IP Address, but these are not listed? We use wireless networking as well as the wired network so it is possible that someone could be attempting to login from outside the building using wireless, could this be why there is no IP or Port listed?
Any help/advice gratefully accepted.
Siv
.
- Prev by Date: Re: Remote Access Wizard Error
- Next by Date: Northeast Atlanta SBS user group meeting March 13 6:30
- Previous by thread: SBS2003 STD Crashes Every Night at 12:03AM
- Next by thread: Northeast Atlanta SBS user group meeting March 13 6:30
- Index(es):
Relevant Pages
|
Loading
