troubleshooting Question

Event Failure Secuirty concern

Avatar of Farris007
Farris007 asked on
Exchange
8 Comments1 Solution1762 ViewsLast Modified:
Hi
I have a client that has Exchange 2007 in private network, and OWA1 in DMZ. We are oviusly under some kind off brute force or DDOS attack, but I cannot determine where this is comming the log is not really showing me logs of info, as I provided the log below ( XXX marks are for protection of server name and domain). We use Kaspersky as Antivirus.
This attacker is using diiferent Usernames, such as: Manager, Candy, Power, and so on. But there is no IP workstation name (except log is showing same Server name)

I need help ASAP, any idea will be appreciated.

Thank you very much.

 An account failed to log on.

Subject:
      Security ID:            NETWORK SERVICE
      Account Name:            XXXXXEX1$
      Account Domain:            XXXXX
      Logon ID:            0x3e4

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            power
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064

Process Information:
      Caller Process ID:      0xd88
      Caller Process Name:      C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe

Network Information:
      Workstation Name:      XXXXXEX1
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            Advapi  
      Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 8 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros