T
Talinc
Running windows Smal Business Server 2003 SP2
Monitoring reports gives us Errors on event id 529 occurrenses from 7 to
2986
Server is placed behind a firewall with only port 80, 25, 443 open
Sample of the errors we get:
Logon Failure:
Reason: Unknown user name or bad password
User Name: admin
Domain: SBR
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 6824
Transited Services: -
Source Network Address: -
Source Port: -
---------------------
Reason: Unknown user name or bad password
User Name: test
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 6392
Transited Services: -
Source Network Address: 217.91.92.202
Source Port: 63078
---------------------------------
Reason: Unknown user name or bad password
User Name: admin
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 7064
Transited Services: -
Source Network Address: 124.207.243.12
Source Port: 3894
----------
Reason: Unknown user name or bad password
User Name: administrator
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 764
Transited Services: -
Source Network Address: 124.207.243.15
Source Port: 1573
----------------
Reason: Unknown user name or bad password
User Name: administrator
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 2612
Transited Services: -
Source Network Address: 124.207.243.15
Source Port: 4012
Monitoring reports gives us Errors on event id 529 occurrenses from 7 to
2986
Server is placed behind a firewall with only port 80, 25, 443 open
Sample of the errors we get:
Logon Failure:
Reason: Unknown user name or bad password
User Name: admin
Domain: SBR
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 6824
Transited Services: -
Source Network Address: -
Source Port: -
---------------------
Reason: Unknown user name or bad password
User Name: test
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 6392
Transited Services: -
Source Network Address: 217.91.92.202
Source Port: 63078
---------------------------------
Reason: Unknown user name or bad password
User Name: admin
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 7064
Transited Services: -
Source Network Address: 124.207.243.12
Source Port: 3894
----------
Reason: Unknown user name or bad password
User Name: administrator
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 764
Transited Services: -
Source Network Address: 124.207.243.15
Source Port: 1573
----------------
Reason: Unknown user name or bad password
User Name: administrator
Domain: SBR
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER1
Caller User Name: SERVER1$
Caller Domain: SBR
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 2612
Transited Services: -
Source Network Address: 124.207.243.15
Source Port: 4012