swanzey
asked on
Win 2008 Security Events show a lot of attempted logins
I am getting a ton of these attempted logins. They have no ip address, and I do not know how they are coming in and how I can prevent them from happening:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: RRWSVR2008$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 8
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: missbeha
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x7d4
Caller Process Name: C:\Windows\System32\svchos t.exe
Network Information:
Workstation Name: RRWSVR2008
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_P ACKAGE_V1_ 0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: RRWSVR2008$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 8
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: missbeha
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x7d4
Caller Process Name: C:\Windows\System32\svchos
Network Information:
Workstation Name: RRWSVR2008
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_P
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
You need to scan your server for Malware and Spyware. Malaware makes a great scan.
you should cloase telnet from router. You should use SSL connection. such spoofing is everywhere.
sorry not SSL it will be SSH
ASKER
telnet is/has been closed. I ran superantispyware and windows defender and found nothing.
Is that all that is going on, spoofing? Is there any way to stop it?
Is that all that is going on, spoofing? Is there any way to stop it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.