Failed login attempts found in log

My server 2003 machine is logging hundreds and hundreds of event 529 in the security log... failed log in attempt.

The logon type is 3... network type.  The workstation is the server itself.

What would this mean?
Sheldon LivingstonConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dr. KlahnPrincipal Software EngineerCommented:
(a) Somebody's trying to break in, or (b) there's malware / a virus in the system.  (b) is less likely because hostile software would already be in the system.

After hours, disconnect it from the network and see if the login attempts continue.  If they do, the system is infected with something.  If they don't, there's something/somebody on your network trying to break into the system.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Naveen SharmaCommented:
May be someone trying to brute force their way in.

Some common causes for invalid logon events:
- Forgotten passwords, someone is entering the wrong password.
- An unauthorized individual is trying to gain access to the network.
- There is a persistent network connection with an invalid password.
- There is a service using a user account with an invalid password.
- Trust relationship has been broken.


https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=529
http://www.eventid.net/display.asp?eventid=529&eventno=1&source=Security&phase=1
https://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/
0
Sara TeasdaleCommented:
0
Sheldon LivingstonConsultantAuthor Commented:
At the end of the day we have something in the ether trying to log into our remote server.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.