Talds_Alouds
asked on
Security Audit Failure
Hey guys,
Got a client who's getting a lot of these. I've never had to deal with these before. There seem to be two audits which keep failing over and over. I'm more concerned with the first one. Am I right in saying that it looks like someone's trying to hack the system? And if so, is there something I can do?
It's an SBS 2008 box.
Actually, now that I think about it, the second error is from a laptop which is on the network but isn't connected to the domain. He connects his Outlook to Exchange.
Thanks
-----------------
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: SERVER$
Account Domain: DOMAIN
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: administrator
Account Domain: SERVER
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x2ec4
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: SERVER
Source Network Address: 221.204.230.57
Source Port: 2244
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
-----------------
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: RICHARD
Account Domain: RICHARD-PC
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: RICHARD-PC
Source Network Address: 192.168.0.42
Source Port: 54667
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
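As an added example (not part of the original post or of any answer to it), this Python sketch parses events pasted in the form shown above and extracts the fields that distinguish the two failures: targeted account, logon type, sub-status and whether the source address is private. The function names and the abridged sample are assumptions made for illustration.

```python
import ipaddress

# Logon types and NTSTATUS sub-status codes that appear in the two events above.
LOGON_TYPES = {3: "Network", 10: "RemoteInteractive (RDP/Terminal Services)"}
SUB_STATUS = {0xC0000064: "user name does not exist",
              0xC000006A: "user name exists, password is wrong"}

def parse_event(text):
    """Parse one pasted event into {section: {field: value}}."""
    event, section = {}, None
    for line in text.strip().splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                       # title line, e.g. "An account failed to log on."
        if not value.strip():
            section = key.strip()          # header, e.g. "Network Information:"
            event[section] = {}
        elif section is not None:
            event[section][key.strip()] = value.strip()
    return event

def field(event, name):
    """First value of a field that occurs once per event, whatever section holds it."""
    return next((s[name] for s in event.values() if name in s), None)

def triage(text):
    """Who was targeted, over which logon path, from where, and why it failed."""
    ev = parse_event(text)
    addr = field(ev, "Source Network Address")
    try:
        origin = "internal" if ipaddress.ip_address(addr).is_private else "external"
    except ValueError:                     # "-" or missing: no remote address recorded
        origin = "unknown"
    ltype, sub = int(field(ev, "Logon Type")), int(field(ev, "Sub Status"), 16)
    # "Account Name" occurs twice; the failed account is in its own section.
    return {"target": ev["Account For Which Logon Failed"]["Account Name"],
            "logon_type": LOGON_TYPES.get(ltype, f"type {ltype}"),
            "reason": SUB_STATUS.get(sub, hex(sub)),
            "source": addr, "origin": origin}

# First event from the post, abridged to the fields used here.
EVENT_RDP = """An account failed to log on.
Subject:
Account Name: SERVER$
Logon Type: 10
Account For Which Logon Failed:
Account Name: administrator
Failure Information:
Sub Status: 0xc0000064
Network Information:
Source Network Address: 221.204.230.57"""
```

Calling `triage(EVENT_RDP)` reports a RemoteInteractive attempt from an external address against an account name that does not exist on the server, while the second event resolves to a Network logon from an internal address with a wrong password.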