I have a client that has Exchange 2007 in private network, and OWA1 in DMZ. We are oviusly under some kind off brute force or DDOS attack, but I cannot determine where this is comming the log is not really showing me logs of info, as I provided the log below ( XXX marks are for protection of server name and domain). We use Kaspersky as Antivirus.
This attacker is using diiferent Usernames, such as: Manager, Candy, Power, and so on. But there is no IP workstation name (except log is showing same Server name)