?
Solved

Windows 2003 Security event log - Failed audits

Posted on 2005-03-30
1
Medium Priority
?
129 Views
Last Modified: 2013-12-04
Hello,

I have a windows 2003 servers keeps getting failed logon attempts from people outside the network.  The event id is 529 failed logon.  

I think our network is secure, the only thing I let in on the firewall is HTTPS and SMTP.  I even checked our settings with shieldsup.

My question is how are people seeing my server in order to try and hack in?  The server in question has exchange and iis for owa.  The owa is through https and I have a certificate authority.

Any help would be appreciated.

Thanks,

Bill
0
Comment
Question by:bjennings
1 Comment
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 750 total points
ID: 13662739
Since your prompted for a user/pass when authenticating, it stands to reason that this could be why your seeing these. If port's 135-139, and 445 are closed then they should not be able to attempt a "normal" nt/smb login. Do you happen to have TerminalService open? port 3389 by default? This could also be how the events are appearing.
See if you can get your firewall log's and try to match the times to the event log's to deterimine the ip address of the "attacker"
-rich
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
Is your organization moving toward a cloud and mobile-first environment? In this transition, your IT department will encounter many challenges, such as navigating how to: Deploy new applications and services to a growing team Accommodate employee…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question