	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.2

Server 2003 AD brute force attacked from other server

Asked by braker15 in Digital Forensics, Intrusion Detection Systems (IDS), Operating Systems Network Security

One of our server 2003 boxes keeps sending failed kerbros authentications to our primary domain controller. The primary domain controllers security log is corrupt (is this a coiencidence?).

I'm running wireshark now on the primary domain controller and can see all the failed attempts. I am pretty sure the username that keeps failiing doesn't even exist.

I'm going to run wireshark on the server that is doing the attacks. I cannot turn off this server nor disconnect it because it is running our defect software that at any given time 30-80 people might be using.

What would you guys recommend I do to remedy this situation? What other tools can i use?

Thank you so much

View the Solution FREE for 30 Days

20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. breadtan66,560
2. DaveHowe11,501
3. MalleusM...5,770
4. Phateon5,214
5. richrumble4,800
6. dstewartjr4,000
6. akahan4,000
8. aleghart3,000
9. mds-cos2,501
10. reswobslc2,500
11. MikeHolcomb2,400
12. Wadski2,000
12. jcimarron2,000
12. Dhaest2,000
12. lherrou2,000
12. strung2,000
12. giltjr2,000
12. SMPC2,000
12. oswaldof...2,000
12. RobSamp...2,000
12. parimp2,000
12. GreatGerm2,000
12. lovewithu2,000
12. muzzi_in2,000
12. samenglish2,000
12. sirocco872,000

1. breadtan66,560
2. DaveHowe11,501
3. Kelvin_King8,500
4. MalleusM...5,770
5. richrumble5,300
6. Phateon5,214
7. shekerra4,000
7. dstewartjr4,000
7. akahan4,000
10. hfraser3,000
10. aleghart3,000
10. Paranorm...3,000
13. jcimarron2,664
14. mds-cos2,501
15. reswobslc2,500
16. SMPC2,400
16. MikeHolcomb2,400
18. leew2,200
19. Wadski2,000
19. lazarus982,000
19. Dhaest2,000
19. lherrou2,000
19. strung2,000
19. giltjr2,000
19. jahboite2,000
19. lnkevin2,000
19. oswaldof...2,000
19. RobSamp...2,000
19. dfxdeimos2,000
19. MadShiva2,000
19. TurboBorl...2,000
19. parimp2,000
19. GreatGerm2,000
19. lovewithu2,000
19. muzzi_in2,000
19. samenglish2,000
19. sirocco872,000

Server 2003 AD brute force attacked from other server

Asked by braker15 in Digital Forensics, Intrusion Detection Systems (IDS), Operating Systems Network Security

About this solution