billrush2
asked on
Hacker Attempt?
Need to know what is going on here - SBS 2003 box - I found this in my server summary report email this AM. Is this someone trying to hack into my server?
Source Event ID Last Occurrence Total Occurrences
Security 529 10/1/2007 4:05 AM 69 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: 12345678
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_P ACKAGE_V1_ 0
Workstation Name: MAINSERVER
Caller User Name: MAINSERVER$
Caller Domain: DKCONTRACTORS
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1884
Transited Services: -
Source Network Address: -
Source Port: -
Thanks,
Bill
Source Event ID Last Occurrence Total Occurrences
Security 529 10/1/2007 4:05 AM 69 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: 12345678
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_P
Workstation Name: MAINSERVER
Caller User Name: MAINSERVER$
Caller Domain: DKCONTRACTORS
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1884
Transited Services: -
Source Network Address: -
Source Port: -
Thanks,
Bill
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Process 1884 is "inetinfo.exe". Quick web search says that this is a Windows troubleshooting app. I checked the location of this .exe and it is living in MS dirs, so I think it is not an external threat. I would really like to know whay it is throwing the error and how to correct this.
Bill
Bill
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I wouldn't ignore it... you should run through the troubleshooting steps outlined in this Newsgroup post to find out what's causing it:
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/c52e05f867ba916/72ed0fda7acf615a?hl=en&lnk=st
Jeff
TechSoEasy
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/c52e05f867ba916/72ed0fda7acf615a?hl=en&lnk=st
Jeff
TechSoEasy
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs&tid=605709ef-fc6c-4c89-9093-e9438c77e195&lang=en&cr=US&p=1
check these links they are talking about your case