InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : SBS 2003 remote attacks? |
| Answer» <html><body><p>Hi all,<br/><br/>For the past two weeks we have been getting remote attacks on our server. This is an example of an entry in the event viewer:<br/><br/><strong><strong><strong>Event Type:<a href="https://interviewquestions.tuteehub.com/tag/failure-769698" style="font-weight:bold;" target="_blank" title="Click to know more about FAILURE">FAILURE</a> Audit<br/>Event Source:Security<br/>Event Category:Logon/Logoff <br/>Event ID:529<br/>Date:16/02/2014<br/>Time:13:11:24<br/><a href="https://interviewquestions.tuteehub.com/tag/user-25565" style="font-weight:bold;" target="_blank" title="Click to know more about USER">USER</a>:NT AUTHORITY\SYSTEM<br/>Computer:SERVER<br/>Description:<br/>Logon Failure:<br/>Reason:Unknown user name or bad password<br/>User Name:exim<br/>Domain:<br/>Logon Type:3<br/>Logon <a href="https://interviewquestions.tuteehub.com/tag/process-11618" style="font-weight:bold;" target="_blank" title="Click to know more about PROCESS">PROCESS</a>:Advapi <br/><a href="https://interviewquestions.tuteehub.com/tag/authentication-11502" style="font-weight:bold;" target="_blank" title="Click to know more about AUTHENTICATION">AUTHENTICATION</a> Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0<br/>Workstation Name:SERVER<br/>Caller User Name:SERVER$<br/>Caller Domain:XXXXXX<br/>Caller Logon ID:(0x0,0x3E7)<br/>Caller Process ID:1692<br/>Transited Services:-<br/>Source Network Address:-<br/>Source Port:-</strong></strong></strong><br/><br/>Can anyone advise on how to block this? Any advice would be greatly appreciated!! Please help!<br/></p></body></html> | |