|
Answer» Hi all,
For the past two weeks we have been getting remote attacks on our server. This is an example of an entry in the event viewer:
Event Type:FAILURE Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:529
Date:16/02/2014
Time:13:11:24
USER:NT AUTHORITY\SYSTEM
Computer:SERVER
Description:
Logon Failure:
Reason:Unknown user name or bad password
User Name:exim
Domain:
Logon Type:3
Logon PROCESS:Advapi
AUTHENTICATION Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:SERVER
Caller User Name:SERVER$
Caller Domain:XXXXXX
Caller Logon ID:(0x0,0x3E7)
Caller Process ID:1692
Transited Services:-
Source Network Address:-
Source Port:-
Can anyone advise on how to block this? Any advice would be greatly appreciated!! Please help!
|
