ninja11
asked on
Event 529
The event shows up like the following:
Event ID: 529
Source: Security
Type: Failure Audit
Category: Logon/Logoff
User: NT AUTHORITY\SYSTE
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: randyb
Domain: Snoopy
Logon Type: 2
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_P ACKAGE_V1_ 0
Workstation Name: Snoopy1
Snoopy1 is the server name. We don't have a user name as randyb in our domain. I can track down the ip address of randyb. Here's the problem:
Our IT department believes that a "spidering technology" such as AskJeeves is indexing our servers. I think that it is a hacker using a password cracker against us. Can an indexing situation cause a 529 event id error? If not, how is randyb trying to get into our servers so that I can stop him? This is a NT 4 box. Randyb is a remote user that isn't a domain user of ours.
Event ID: 529
Source: Security
Type: Failure Audit
Category: Logon/Logoff
User: NT AUTHORITY\SYSTE
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: randyb
Domain: Snoopy
Logon Type: 2
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_P
Workstation Name: Snoopy1
Snoopy1 is the server name. We don't have a user name as randyb in our domain. I can track down the ip address of randyb. Here's the problem:
Our IT department believes that a "spidering technology" such as AskJeeves is indexing our servers. I think that it is a hacker using a password cracker against us. Can an indexing situation cause a 529 event id error? If not, how is randyb trying to get into our servers so that I can stop him? This is a NT 4 box. Randyb is a remote user that isn't a domain user of ours.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.