Multiple Security login failure Event ID:529
Posted on 2006-07-06
Since early this morning there has been a login failure, with an unknown user id, about twice a minute. The ID's are changing, staring with amy, and working up alphabetical names. The ID tony is now being used.
I assume that an automated Hacking tools is being used.
I hate to assume that it will always fail.
Here is a sample of the event (valid domain name is substituted for actual domain.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Time: 8:05:06 AM
User: NT AUTHORITY\SYSTEM
Reason: Unknown user name or bad password
User Name: tomy
Domain: "valid domain name"
Logon Type: 2
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: HOUSV02