Re: Failure Audit in Security Logs
- From: PeterG <PeterG@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Oct 2008 07:43:02 -0700
Thanks for the response. The thing that makes me think that it may be
something on my email server is that the login type = 3 which I believe means
that it is from my local network. Am I correct in my thinking?
Peter
"Cris Hanna [SBS - MVP]" wrote:
Probably not a bot, more like a dictionary attack.
This is very common...not much can be done. I see them in most of my
customers logs
Insure you have a good solid firewall, consider changing passwords, make
sure strong passwords are enforced and so on.
--
Cris Hanna [SBS - MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"PeterG" <PeterG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:15EA4942-480B-4005-B9D1-80050F293086@xxxxxxxxxxxxxxxx
Hello,
I am getting hundreds of this type of message which are occurring every
few
seconds to minutes. Can anyone tell me what is happening here? I am
thinking
that I might have a "Bot" on my email server. If this is the case, I do I
get
rid of it?
I am running SBS2003 Standard version with Exchange SPs installed.
Thanks,
Peter
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 4:49:22 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: chris
Domain: chattem.com
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: MAILGATE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 4:36:27 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: EXCHANGE$
Domain: HPI
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EXCHANGE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/6/2008
Time: 3:35:13 PM
User: NT AUTHORITY\SYSTEM
Computer: MAIN-SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: EMAILSERVER$
Domain: SNELOCAL
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EMAILSERVER
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
- Follow-Ups:
- Re: Failure Audit in Security Logs
- From: Cris Hanna [SBS - MVP]
- Re: Failure Audit in Security Logs
- References:
- Failure Audit in Security Logs
- From: PeterG
- Re: Failure Audit in Security Logs
- From: Cris Hanna [SBS - MVP]
- Failure Audit in Security Logs
- Prev by Date: MMC error in snap-in. Cannot get into Microsoft Management Console
- Next by Date: Re: SBS2003 - SQL Server 2005 SP 4 and SP 2
- Previous by thread: Re: Failure Audit in Security Logs
- Next by thread: Re: Failure Audit in Security Logs
- Index(es):
Relevant Pages
|
Loading
