asked on

Win 2008 Security Events show a lot of attempted logins

I am getting a ton of these attempted logins. They have no ip address, and I do not know how they are coming in and how I can prevent them from happening:

An account failed to log on.

Subject:
      Security ID:            SYSTEM
      Account Name:            RRWSVR2008$
      Account Domain:            WORKGROUP
      Logon ID:            0x3e7

Logon Type:                  8

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            missbeha
      Account Domain:

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064

Process Information:
      Caller Process ID:      0x7d4
      Caller Process Name:      C:\Windows\System32\svchost.exe

Network Information:
      Workstation Name:      RRWSVR2008
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            Advapi
      Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

dandmantra

You need to scan your server for Malware and Spyware. Malaware makes a great scan.

Faruk Onder Yerli

you should cloase telnet from router. You should use SSL connection. such spoofing is everywhere.

Faruk Onder Yerli

sorry not SSL it will be SSH

swanzey

ASKER

telnet is/has been closed. I ran superantispyware and windows defender and found nothing.

Is that all that is going on, spoofing? Is there any way to stop it?

ASKER CERTIFIED SOLUTION

Faruk Onder Yerli

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial