B
Bryan Bowers
Hello,
My client received 30 of the following event ids on their
Exchange 2000 server with a few seconds of each other.
The server is properly firewalled (did a port scan) from
the internet. It appears that this attack could only have
come from the LAN and wanted to see if there is some other
possibility? The bad guy used username abc and
administrator as well.
--------
Event type: Failure audit
Event source: Security
Category: Logon/Logoff
Event ID: 529
Date: 10/17/2003
Time: 3:22:07 AM
User: NT authority\system
Computer: *******
Description:
Logon Failure:
Reason: Unknown users name or bad password
User Name: abc
Domain:
Logon Type: 3
Logon Process: advapi
Auth package:
Microsoft_Authentication_package_v1_0
Workstation name: *******
My client received 30 of the following event ids on their
Exchange 2000 server with a few seconds of each other.
The server is properly firewalled (did a port scan) from
the internet. It appears that this attack could only have
come from the LAN and wanted to see if there is some other
possibility? The bad guy used username abc and
administrator as well.
--------
Event type: Failure audit
Event source: Security
Category: Logon/Logoff
Event ID: 529
Date: 10/17/2003
Time: 3:22:07 AM
User: NT authority\system
Computer: *******
Description:
Logon Failure:
Reason: Unknown users name or bad password
User Name: abc
Domain:
Logon Type: 3
Logon Process: advapi
Auth package:
Microsoft_Authentication_package_v1_0
Workstation name: *******