troubleshooting Question

Win 2008 Security Events show a lot of attempted logins

Avatar of swanzey
swanzey asked on
RoutersServer Hardware
5 Comments1 Solution604 ViewsLast Modified:
I am getting a ton of these attempted logins. They have no ip address, and I do not know how they are coming in and how I can prevent them from happening:


An account failed to log on.

Subject:
      Security ID:            SYSTEM
      Account Name:            RRWSVR2008$
      Account Domain:            WORKGROUP
      Logon ID:            0x3e7

Logon Type:                  8

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            missbeha
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064

Process Information:
      Caller Process ID:      0x7d4
      Caller Process Name:      C:\Windows\System32\svchost.exe

Network Information:
      Workstation Name:      RRWSVR2008
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            Advapi  
      Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 5 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros