I've had multiple logon failures on the daily reports almost daily for a couple of weeks and would like to lock down my sbs 2003 server without buying any new software (in a small non-business environment)? With a new cable modem/router, I can't get remote access to the server from outside the network-probably a router problem. ISA is not installed and IIS is running as well as Exchange2003.
In trying to understand the attached code-is logon type 3 coming from the website? I don't really know where to begin in figuring out where the attempt is coming from (i.e. a perp visiting https://server.myservername.com/remote
and entering user/pass combo's). My guess is they're either trying to get in via OWA or the server's remote access (sorry, forgot the abrev.).
where are the attempts (attacks) coming from and how to secure the server? I do NOT have ISA installed as everytime I've tried in the past it, I was unable to get it to operate properly.
Reason: Unknown user name or bad password
User Name: 5201314
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: MYSERVERNAME
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1648
Transited Services: -
Source Network Address: -
Source Port: -