Re: Logon 529 Errors



Where can I check my IIS log?

Are you using a block list to block IPs on connection filtering? If so, which one are you using?

Thanks again. I am out of the office for today,
Terry

"Dave Nickason [SBS MVP]" wrote:

I don't know of any way to remedy this other than to block inna's IP
address. But, in looking at my ISA logs, I'm getting denied connections
from a pretty extensive list of IPs. I don't think it would be practical to
start blocking them all manually. I just made sure that in the relay
restrictions in my smtp virtual server, the box is not checked to allow
connections from any computer that authenticates. That way, even if inna
manages to come up with a working username and password combination, he/she
will not be able to send mail through my server.

"Terry1337" <Terry1337@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:01D3E4FF-E8C5-4B2A-BF21-E78E37C5503D@xxxxxxxxxxxxxxxx
Steve or Dave,
Is there any way of blocking inna?

For the type 3 errors, I was not receiving them until about 1 month ago. Was there a Windows update that changed something, or can I change some settings on our PCs to eliminate the errors?

Thanks for your responses!

"SteveB" wrote:

Agree inna is very active out there.

"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ets4N4ZSJHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Logon type 3 is usually from elsewhere on your network. In this case, I'll bet if you look in Task Manager, you'll find that Process ID 2064 is inetinfo.exe. See "Logon Type Codes Revealed" at
http://www.windowsecurity.com/articles/Logon-Types.html

These are almost surely SMTP logon attempts, and you can ignore them. I've been getting several attempts a day from inna, who is apparently busily trying to find mail servers to relay through.



"Terry1337" <Terry1337@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5F868939-C077-493F-9D12-807D0D62C097@xxxxxxxxxxxxxxxx
I am receiving daily errors in my security logs for logon 529 errors. Our local tech said they are happening on our network and that they are not someone trying to hack into our system. I would like other opinions. The errors I am receiving are:

Logon Failure:
Reason: Unknown user name or bad password
User Name: inna
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: DELLSERVER
Caller User Name: DELLSERVER$
Caller Domain: DELLNET
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 2064
Transited Services: -
Source Network Address: -
Source Port: -

Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain: DELLSERVER
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: DELLSERVER
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.1.3
Source Port: 57596


Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain: DELLSERVER
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: DELLSERVER
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.1.3
Source Port: 54894


Thanks,
Terry
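
The triage discussed in this thread (a type 3 failure logged on behalf of a local service process versus one arriving over NTLM from a LAN address), as an added example that is not part of the original posts. The function names and category labels are hypothetical, and the sample is constructed by abridging the records quoted above.

```python
import ipaddress
from collections import Counter

# Constructed sample: abridged from the 529 records quoted in the thread.
SAMPLE = """\
Logon Failure:
User Name: inna
Logon Type: 3
Logon Process: Advapi
Caller User Name: DELLSERVER$
Caller Process ID: 2064
Source Network Address: -

Logon Failure:
User Name:
Logon Type: 3
Logon Process: NtLmSsp
Caller User Name: -
Source Network Address: 192.168.1.3
Source Port: 57596
"""

def parse_events(text):
    """Split on 'Logon Failure:' headers; return one field dict per record."""
    events = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Logon Failure":
            events.append({})
        elif events:
            events[-1][key.strip()] = value.strip()
    return events

def classify(ev):
    """Hypothetical triage label: who logged the failure and from where."""
    src = ev.get("Source Network Address", "-")
    if src in ("", "-"):
        if ev.get("Caller User Name", "").endswith("$"):  # machine account
            return "local-service:pid=" + ev.get("Caller Process ID", "?")
        return "no-source"
    try:
        private = ipaddress.ip_address(src).is_private
    except ValueError:
        return "unparsed-source:" + src
    return ("internal-host:" if private else "external:") + src

def summarize(text):
    return Counter((ev.get("User Name", ""), classify(ev)) for ev in parse_events(text))
```

A `local-service:pid=N` result still needs the PID resolved to a process name (Task Manager, as suggested in the thread) before concluding which service accepted the logon attempt.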







