Intrusion or Active Imagination?
Posted on 2011-02-14
Am I jumping at shadows because of previous experiences?
I think this is an intrusion and password guessing... but how do I track it down?
Small SBS2K3 network with 5 XP Pro clients and the server.
Source Event ID Last Occurrence Total Occurrences
529 14/02/2011 4:16 AM 1,386 *
Reason: Unknown user name or bad password
User Name: hello
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SBS2K3-SERVER'S NAME
Caller User Name: SBS2K3-SERVER'S NAME
Caller Domain: SBS2K3-SERVER'S DOMAIN NAME
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 2596
Transited Services: -
Source Network Address: -
Source Port: -
Also do let me the general feeling of whether the points offered are appropriate or whether they should be higher / lower!
Thanks in advance!