Re: Failure Audit in Security Logs
- From: "Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Oct 2008 09:32:36 -0500
Probably not a bot, more like a dictionary attack.
This is very common... not much can be done. I see them in most of my customers' logs.
Ensure you have a good solid firewall, consider changing passwords, make sure strong passwords are enforced and so on.
--
Cris Hanna [SBS - MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"PeterG" <PeterG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:15EA4942-480B-4005-B9D1-80050F293086@xxxxxxxxxxxxxxxx
Hello,
I am getting hundreds of this type of message which are occurring every few
seconds to minutes. Can anyone tell me what is happening here? I am thinking
that I might have a "Bot" on my email server. If this is the case, how do I get
rid of it?
I am running SBS2003 Standard version with Exchange SPs installed.
Thanks,
Peter
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 4:49:22 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: chris
Domain: chattem.com
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: MAILGATE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 4:36:27 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: EXCHANGE$
Domain: HPI
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EXCHANGE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 3:35:13 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: EMAILSERVER$
Domain: SNELOCAL
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EMAILSERVER
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
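An added example, not part of the original thread: a small parser for the exported event text layout quoted above that groups Event ID 529 failures by Workstation Name and counts distinct User Name values, so a source trying many different names (the dictionary-style pattern described in the reply) can be told apart from one account retrying. The sample events, host names, labels and the `min_users` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"^\s*([^:]+):\s*(.*)$")   # "Key: Value" lines of the export

def parse_events(text):
    """Split exported Security-log text into dicts, one per event."""
    events, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "Event Type":               # each event starts with this field
            cur = {}
            events.append(cur)
        if cur is not None:
            cur[key] = val
    return events

def summarize_529(events, min_users=3):
    """Group Event ID 529 failures by Workstation Name.

    Returns {workstation: (attempts, sorted user names, label)}.
    min_users is an assumed threshold; tune it for your site.
    """
    by_ws = defaultdict(list)
    for e in events:
        if e.get("Event ID") == "529" and e.get("Event Type") == "Failure Audit":
            by_ws[e.get("Workstation Name", "-")].append(e.get("User Name", "-"))
    out = {}
    for ws, users in by_ws.items():
        distinct = sorted(set(users))
        label = "many-names" if len(distinct) >= min_users else "repeat-account"
        out[ws] = (len(users), distinct, label)
    return out

def _event(user, ws, eid="529"):              # builds constructed sample records
    return (f"Event Type: Failure Audit\nEvent ID: {eid}\nTime: 4:00:00 PM\n"
            f"User Name: {user}\nLogon Type: 3\nWorkstation Name: {ws}\n"
            f"Source Network Address: -\n")

# Constructed sample: HOST-A tries several names, HOST-B retries one account;
# the record with the made-up ID 999 must be ignored by the summary.
SAMPLE = ("".join(_event(u, "HOST-A") for u in ["chris", "admin", "test", "chris"])
          + "".join(_event("SVC$", "HOST-B") for _ in range(3))
          + _event("bob", "HOST-A", eid="999"))

if __name__ == "__main__":
    for ws, (n, users, label) in sorted(summarize_529(parse_events(SAMPLE)).items()):
        print(f"{ws}: {n} failures, users={users}, {label}")
```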