Failed login attempts found in log

My server 2003 machine is logging hundreds and hundreds of event 529 in the security log... failed log in attempt.

The logon type is 3... network type.  The workstation is the server itself.

What would this mean?
Sheldon LivingstonConsultantAsked:
Who is Participating?
 
Dr. KlahnPrincipal Software EngineerCommented:
(a) Somebody's trying to break in, or (b) there's malware / a virus in the system.  (b) is less likely because hostile software would already be in the system.

After hours, disconnect it from the network and see if the login attempts continue.  If they do, the system is infected with something.  If they don't, there's something/somebody on your network trying to break into the system.
1
 
Naveen SharmaCommented:
May be someone trying to brute force their way in.

Some common causes for invalid logon events:
- Forgotten passwords, someone is entering the wrong password.
- An unauthorized individual is trying to gain access to the network.
- There is a persistent network connection with an invalid password.
- There is a service using a user account with an invalid password.
- Trust relationship has been broken.


https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=529
http://www.eventid.net/display.asp?eventid=529&eventno=1&source=Security&phase=1
https://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/
0
 
Sara TeasdaleCommented:
0
 
Sheldon LivingstonConsultantAuthor Commented:
At the end of the day we have something in the ether trying to log into our remote server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.