Advertisement

06.08.2007 at 05:51AM PDT, ID: 22621589
[x]
Attachment Details

Event 529 Logon Failures - Many

Asked by xpressaccounts in MS Forefront, Windows Network Security Questions, SBS Small Business Server

Tags: 529, event, advapi, logon

My Windows SBS 2003 Server Security Log recorded (138) 529 logon failure events during a 15
minute interval. one failure about every 6-7 seconds.The user names were male
and female first names.

Is there a way to trace this to the source to find out who is doing this?
Is there a way to lock out the intruder?
I only forward ports for exchange server, OWA, RWW, and Terminal Server through my router to my sbs server. The login failure events don't have a port number associated with them. How did they get forwarded to my server??? A sample of one of the events follows.
Thanking you in advance for your help.

Security 529 2/20/2005 7:27 PM 24 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: crack
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: domain
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1828
Transited Services: -
Source Network Address: -
Source Port: - Start Free Trial
[+][-]06.08.2007 at 06:12AM PDT, ID: 19241588

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.08.2007 at 06:13AM PDT, ID: 19241603

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.08.2007 at 06:20AM PDT, ID: 19241668

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: MS Forefront, Windows Network Security Questions, SBS Small Business Server
Tags: 529, event, advapi, logon
Sign Up Now!
Solution Provided By: AdamRobinson
Participating Experts: 4
Solution Grade: C
 
 
[+][-]06.29.2007 at 06:35AM PDT, ID: 19389381

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.29.2007 at 10:39AM PDT, ID: 19391977

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32