Sheldon Livingston
asked on
Failed login attempts found in log
My Server 2003 machine is logging hundreds and hundreds of event 529 in the security log... failed login attempts.
The logon type is 3... network type. The workstation is the server itself.
What would this mean?
You could also refer to the following thread, in which a similar problem is discussed:
https://security.stackexchange.com/questions/40810/is-it-wise-to-log-failed-login-attempts-of-non-existing-accounts
http://www.visualwin.com/Log-in/logging-failed-logins.html
ASKER
At the end of the day we have something in the ether trying to log into our remote server.
Some common causes for invalid logon events:
- Forgotten passwords, someone is entering the wrong password.
- An unauthorized individual is trying to gain access to the network.
- There is a persistent network connection with an invalid password.
- There is a service using a user account with an invalid password.
- Trust relationship has been broken.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=529
http://www.eventid.net/display.asp?eventid=529&eventno=1&source=Security&phase=1
https://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/
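To tell the causes listed above apart, it helps to group the type 3 failures by where they came from and by which accounts were tried. The following is an added example, not part of the original thread: it is a heuristic only, the event text is constructed sample data, and the field labels, host name `SRV01`, account names and the `many_accounts` threshold are assumptions.

```python
from collections import Counter, defaultdict

def make_event(user, address, logon_type="3", workstation="SRV01"):
    """Build a constructed event 529 description (field labels are assumed)."""
    return (f"Logon Failure:\n\tReason:\tUnknown user name or bad password\n"
            f"\tUser Name:\t{user}\n\tDomain:\tCORP\n\tLogon Type:\t{logon_type}\n"
            f"\tWorkstation Name:\t{workstation}\n\tSource Network Address:\t{address}\n")

# Constructed sample data: one source cycling through account names,
# one origin retrying a single account, and one interactive (type 2) failure.
SAMPLE_EVENTS = (
    [make_event(u, "203.0.113.7") for u in ("administrator", "admin", "backup", "test")]
    + [make_event("svc_backup", "-") for _ in range(5)]
    + [make_event("jsmith", "-", logon_type="2")]
)

def parse_event(text):
    """Turn the 'Label: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

def triage(events, many_accounts=3):
    """Group logon type 3 failures by origin and classify each origin."""
    by_origin = defaultdict(Counter)
    for text in events:
        f = parse_event(text)
        if f.get("Logon Type") != "3":
            continue  # only network logons, as in the question
        address = f.get("Source Network Address", "-")
        # "-" means no address was recorded; fall back to the workstation name
        origin = address if address not in ("", "-") else f.get("Workstation Name", "unknown")
        by_origin[origin][f.get("User Name", "").lower()] += 1
    report = {}
    for origin, users in by_origin.items():
        guessing = len(users) >= many_accounts
        report[origin] = {
            "attempts": sum(users.values()),
            "accounts": sorted(users),
            "likely": "unauthorized access attempts" if guessing
                      else "stale credential (service or persistent connection)",
        }
    return report

if __name__ == "__main__":
    for origin, row in triage(SAMPLE_EVENTS).items():
        print(origin, row)
```

An origin that retries one account over and over points at a service, mapped drive or scheduled task holding an old password; an origin that walks through many account names matches the unauthorized-access case.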