xboxscene.org forums

Author Topic: Security Log Errors On Our Sbs 2003 R2 Server.  (Read 44 times)

47_M450N_47

« on: August 07, 2007, 07:49:00 AM »

Does anybody know what could be causing these?  They will appear in our Security Log from time to time (Windows SBS 2003 R2).  It isn't any of our users on the network.  Each time the user name will be something new and completely random; there's an example below.

Logon Failure:
    Reason:      Unknown user name or bad password
    User Name:   bullshit
    Domain:      
    Logon Type:   3
    Logon Process:   Advapi  
    Authentication Package:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name:   ****
    Caller User Name:   ****
    Caller Domain:   ****
    Caller Logon ID:   (0x0,0x3E7)
    Caller Process ID:   2076
    Transited Services:   -
    Source Network Address:   -
    Source Port:   -

Anybody know what could be causing these?  If somebody is trying to get in, is there a way to tell what port or service they are trying to access it through?  I'd like to turn it off.
Logged
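
A triage sketch for the question above, added as an example and not part of the original post: it parses pasted event text in the layout shown and groups the failures by Caller Process ID, because Source Network Address is "-" and the caller PID is the remaining lead to the local service that submitted the logon. The sample events are constructed (the user names and PID 1432 are invented; PID 2076, Logon Type 3 and the caller logon ID mirror the posted event).

```python
from collections import defaultdict

# Constructed sample in the layout of the posted event (trimmed to the fields used).
TEMPLATE = """Logon Failure:
    User Name:   {user}
    Logon Type:   {ltype}
    Caller Logon ID:   (0x0,0x3E7)
    Caller Process ID:   {pid}
    Source Network Address:   -
"""
SAMPLE = "".join(TEMPLATE.format(user=u, ltype=t, pid=p) for u, t, p in
                 [("qwerty", 3, 2076), ("backup1", 3, 2076), ("jsmith", 2, 1432)])

LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service",
               7: "unlock", 8: "network cleartext", 10: "remote interactive"}
SYSTEM_LOGON_ID = "(0x0,0x3E7)"  # logon session of the local SYSTEM account

def parse_events(text):
    """Split pasted event descriptions into one dict of fields per event."""
    events = []
    for line in text.splitlines():
        if line.strip() == "Logon Failure:":
            events.append({})
        elif events and ":" in line:
            key, _, value = line.partition(":")
            events[-1][key.strip()] = value.strip()
    return events

def triage(events):
    """Group failures by the local process that submitted the logon attempt."""
    groups = defaultdict(lambda: {"users": set(), "types": set(),
                                  "via_system": False, "sources": set()})
    for ev in events:
        g = groups[int(ev["Caller Process ID"])]
        g["users"].add(ev["User Name"])
        g["types"].add(LOGON_TYPES.get(int(ev["Logon Type"]), "other"))
        g["via_system"] |= ev["Caller Logon ID"] == SYSTEM_LOGON_ID
        if ev["Source Network Address"] != "-":  # "-" means no address was recorded
            g["sources"].add(ev["Source Network Address"])
    return dict(groups)

if __name__ == "__main__":
    for pid, g in sorted(triage(parse_events(SAMPLE)).items()):
        print(pid, sorted(g["types"]), len(g["users"]), "distinct user names,",
              "sources:", sorted(g["sources"]) or "none recorded")
```

On the server, `tasklist /svc /fi "PID eq 2076"` lists the services hosted in that process. A PID is only valid until the process restarts, so look it up soon after the event is logged.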

47_M450N_47

« Reply #1 on: August 08, 2007, 12:38:00 PM »

Ok...so does anybody know of another forum (free) that I could ask this question at?
Logged

Alex548

« Reply #2 on: August 09, 2007, 05:03:00 PM »

Computing.net

By the way, check your server for viruses/trojans.

Edit:
You might also wanna download and run the Microsoft Baseline Security Analyzer tool (MBSA) to check for existing vulnerabilities.

This post has been edited by Alex548: Aug 10 2007, 12:19 AM
Logged

47_M450N_47

« Reply #3 on: August 10, 2007, 10:06:00 AM »

Yeah, I've scanned it with SAV 10.1.5.5000 and it turns up clean.  I've also scanned it for rootkits with IceSword and Rootkit Revealer.  I downloaded and ran that Microsoft utility a few weeks ago and it didn't turn up anything either.  Thanks for the link, I'll see what they know.
Logged