September 7, 2008 03:49pm pdt

1. TechSoEasy 1,104,989
2. RobWill 770,128
3. KCTS 251,696
4. tigermatt 181,267
5. leew 178,747
6. Sembee 158,216
7. kieran_b 142,817
8. suppsaws 131,986
9. Dave_AND 128,955
10. plug1 110,787
11. mwecom... 109,240
12. 18526 97,220
13. MPECSInc 95,600
14. ormerodru... 93,821
15. olafdc 92,152
16. MrMander... 79,655
17. DrDave242 78,433
18. waynewill... 70,753
19. ryansoto 68,645
20. SysExpert 62,986
21. hypercat 54,766
22. tomcahill 52,500
23. keith_ala... 47,992
24. Chris-Dent 47,700
25. LeeDerby... 47,575

1. TechSoEasy 6,496,978
2. RobWill 978,818
3. Sembee 813,048
4. olafdc 556,117
5. leew 551,613
6. KCTS 497,451
7. suppsaws 319,351
8. tigermatt 281,815
9. redseatec... 251,556
10. vico1 220,195
11. Dave_AND 213,070
12. MPECSInc 210,981
13. keith_ala... 178,368
14. MrMander... 178,163
15. ormerodru... 175,001
16. hypercat 154,121
17. kieran_b 142,817
18. sguinn100 137,295
19. DanKoster 134,829
20. mwecom... 127,765
21. MarkMich... 115,665
22. itcoza 113,361
23. rakeshmig... 111,509
24. Zadkin 110,986
25. plug1 110,787

03.22.2008 at 02:59PM PDT, ID: 23261953 | Points: 125

	[x] Attachment Details

How do I stop an intruder from bouncing around my network like this?

Asked by chrisdhicks in SBS Small Business Server, MS Internet Security & Accel, MS Forefront

Tags: Failure Audit 529

How do I stop an intruder from bouncing around my network like it was a ping pong game? I have ISA and SBS server 2003. I thought it was protected from these kinds of multiple attempts. Ive gone thru my logs and there are THOUSANDS of these attempts to gain access. The latest it seems to be from the source of an internal machine on the network but this is not the case. I scanned the particular machine for spyware and nothing. It doesnt seem to matter because if I turn off the machine he comes from and that is not listed. I also blocked via ISA hundreds of thousands of IPs from China, Russia and so on but this particular intruder I cannot stop. HOW DO I FIND ANS STOP???
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            3/21/2008
Time:            11:50:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      MX-MAIL-SERVER
Description:
Logon Failure:
     Reason:            Unknown user name or bad password
     User Name:      kaitlin
     Domain:            SFMX
     Logon Type:      3
     Logon Process:      NtLmSsp
     Authentication Package:      NTLM
     Workstation Name:      OPS-MANAGER
     Caller User Name:      -
     Caller Domain:      -
     Caller Logon ID:      -
     Caller Process ID:      -
     Transited Services:      -
     Source Network Address:      192.168.1.50
     Source Port:      0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            3/21/2008
Time:            11:50:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      MX-MAIL-SERVER
Description:
Logon Failure:
     Reason:            Unknown user name or bad password
     User Name:      administrator
     Domain:            SFMX
     Logon Type:      3
     Logon Process:      NtLmSsp
     Authentication Package:      NTLM
     Workstation Name:      -
     Caller User Name:      -
     Caller Domain:      -
     Caller Logon ID:      -
     Caller Process ID:      -
     Transited Services:      -
     Source Network Address:      -
     Source Port:      -

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Start Free Trial

Keywords: How do I stop an intruder from bouncin…

	Title
1	Intruder
2	ISA 2004 and Sharepoint Services …
3	intruder
4	System Alert - Spyware and Adware…
5	SBS 2003 ISA configuration question
6	Have Spyware/Adware, don't kno…

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628