Juha
I noticed the warning messages below in our client's SBS 2003 DC Eventlog (System).
The possible attack lasted approx. two hours and there are hundreds of events
like the one below. If someone (a robot) really tried to log on as an administrator:
1. How do I know if he has managed to do that?
2. How do I set some kind of timeout so that a robot can't try to log on
every second?
3. Remote Access is enabled.
Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 27.3.2007
Time: 0:42:50
User: N/A
Computer: SANDMANHP
Description:
The server was unable to logon the Windows NT account 'Administrator' due to
the following error: Logon failure: unknown user name or bad password. The
data is the error code.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 00 00 ....