Solved

Security Audit Event 5152.  Is this a concern?

Posted on 2013-01-01
6
692 Views
Last Modified: 2013-01-09
I'm getting the attached event.  Do I need to be concerned?
audit.jpg
0
Comment
Question by:jrsitman
  • 3
  • 2
6 Comments
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
Comment Utility
Hi,

This looks like the windows firewall hasn't set correctly for the inbound traffic. Also, it could be edge traversal settings. Have a look at this MS article and try to set edge traversal and see it stops the event.
 http://technet.microsoft.com/en-us/library/ee649264(v=ws.10).aspx
0
 

Author Comment

by:jrsitman
Comment Utility
The Windows firewall on that server is off.  If it's not a concern, then I can just ignore it, correct?
0
 
LVL 20

Accepted Solution

by:
Radhakrishnan Rajayyan earned 200 total points
Comment Utility
Hi,

Thanks for your reply. Bur unfortunately this event required attention as it's indicates that there is a inbound packet blocked by windows filtering. It could be a attempt of hacking.

Also, the windows firewall service in question should be on in windows 2008 environment. You can also refer this tech article and install the required hotfix (the error events are same)
http://support.microsoft.com/kb/2654852

Hope this helps
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 100 total points
Comment Utility
I tried to get WHOIS listing of 239.255.255.250 but could not find any details and the port 138 is used by NetBIOS  protocol used for File and Print Sharing under all current versions of Windows.

As this public IP is not from valid source it may be attempt of attack so would recommend you to check impact by blocking this IP on your external firewall and run full AV scan in safe mode
0
 

Author Comment

by:jrsitman
Comment Utility
I applied the patch.  I'll monitor it and post later.

Thanks
0
 

Author Closing Comment

by:jrsitman
Comment Utility
Thanks.  I applied the patch and blocked the ip address.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now