
logon type 3 attacks


sznycell

Jun 8, 2011, 11:19:27 AM
Hi there
I'm battling this issue for a while now and still can't figure out the
source. Our server is getting bombarded with Logon type 3 attempts (9258
last night).
Is it possible that one of our workstations got compromised and is being
used as an entry point? Or is it an SMTP attack (this is a SBS 2003 server)?
Process ID 1720 is inetinfo.exe
Any help is appreciated, Thanks


Logon Failure:
Reason: Unknown user name or bad password
User Name: 1234
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: Our server name
Caller User Name: Our server name$
Caller Domain: Our domain name
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1720
Transited Services: -
Source Network Address: -
Source Port: -

pbar...@gmail.com

Oct 23, 2012, 4:31:44 PM
On Wednesday, June 8, 2011 8:19:27 AM UTC-7, sznycell wrote:
> Hi there
> I'm battling this issue for a while now and still can't figure out the source. Our server is getting bombarded with Logon type 3 attempts (9258 last night).
> Is it possible that one of our workstations got compromised and is being used as an entry point? Or is it an SMTP attack (this is a SBS 2003 server)?
> Process ID 1720 is inetinfo.exe
> Any help is appreciated, Thanks
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: 1234
> Domain:
> Logon Type: 3
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: Our server name
> Caller User Name: Our server name$
> Caller Domain: Our domain name
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1720
> Transited Services: -
> Source Network Address: -
> Source Port: -

I've got the same issue. I'm under attack (same as the rest of the computing world I suppose)... Did you make any headway on this issue? I've also got 529's from a wide variety of other external IPs. I set up an IP Security rule to block all traffic from the IPs. The problem is, it isn't real time... I read the logs then add the offending addresses. It's reactive, not proactive. OYE!

Kindly let me know if you've found any solutions.
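
An added example, not part of either post: the read-the-logs-then-block step described above, done over exported event text in the layout quoted in the thread. It separates failures that carry a source address (candidates for a block rule) from those with `Source Network Address: -`, which can only be attributed through the calling process. The sample events, the addresses, the function names and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample, same "Key: Value" layout as the event quoted in the thread.
SAMPLE = """\
Logon Failure:
Logon Type: 3
Caller Process ID: 1720
Source Network Address: -
Logon Failure:
Logon Type: 3
Caller Process ID: -
Source Network Address: 203.0.113.7
Logon Failure:
Logon Type: 3
Caller Process ID: -
Source Network Address: 203.0.113.7
Logon Failure:
Logon Type: 3
Caller Process ID: -
Source Network Address: 198.51.100.9
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_events(text):
    """Return one dict of fields per 'Logon Failure:' record in the text."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Logon Failure":
            events.append({})          # header line starts a new record
        elif m and events:
            events[-1][m.group(1)] = m.group(2)
    return events

def triage(events, threshold=2):
    """Return (addresses with >= threshold type 3 failures, local failures by caller PID)."""
    by_addr, by_pid = Counter(), Counter()
    for ev in (e for e in events if e.get("Logon Type") == "3"):
        addr = ev.get("Source Network Address", "-")
        if addr not in ("", "-"):
            by_addr[addr] += 1         # remote source is recorded in the event
        else:
            # No address logged: group by the process that made the logon call
            by_pid[ev.get("Caller Process ID", "-")] += 1
    return sorted(a for a, n in by_addr.items() if n >= threshold), dict(by_pid)
```

Failures counted under a caller PID, like the 1720 (inetinfo.exe) events in the first post, carry no address to block, so the client has to be looked up in that process's own service logs for the same timestamps.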