RE: Event Log messages for failed logon attempts

From: Brad Judy (judy_at_colorado.edu)
Date: 11/04/03

  • Next message: Salmon, Daniel J.: "RE: Event Log messages for failed logon attempts"
    To: "'Sean Warnock'" <swarnock@warnocksolutions.com>, <FOCUS-MS@securityfocus.com>
    Date: Tue, 4 Nov 2003 11:11:31 -0700
    
    

    It sounds like you're trying to write something like this:
    http://pantheon.yale.edu/~kjh27/logger.html

    The author may be willing to distribute it beyond other EDUs if you ask.

    Brad Judy

    Information Technology Services
    University of Colorado at Boulder

    > -----Original Message-----
    > From: Sean Warnock [mailto:swarnock@warnocksolutions.com]
    > Sent: Saturday, October 25, 2003 8:59 AM
    > To: FOCUS-MS@securityfocus.com
    > Subject: Event Log messages for failed logon attempts
    >
    > I am currently working on a small script that will
    > parse the event logs of a Windows NT/2000/2003 domain
    > controller looking for failed logon attempts. I am currently
    > aware of event log message 529.
    > I believe that I have been able to generate several other
    > error messages for failed logon attempts depending upon what
    > a client is using to authenticate with (ex. Kerberos, NTLM,
    > etc...). Does anyone have any other input or articles that
    > they would suggest as the only KB article that I have found
    > so far was 299475.
    >
    > Sean
    >
    > --------------------------------------------------------------
    > -------------
    > FREE Whitepaper: Better Management for Network Security
    >
    > Looking for a better way to manage your IP security?
    > Learn how Solsoft can help you:
    > - Ensure robust IP security through policy-based management
    > - Make firewall, VPN, and NAT rules interoperable across
    > heterogeneous networks
    > - Quickly respond to network events from a central console
    >
    > Download our FREE whitepaper at:
    > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    > --------------------------------------------------------------
    > -------------
    >
    >

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
    and use priority code SF4.
    ---------------------------------------------------------------------------


  • Next message: Salmon, Daniel J.: "RE: Event Log messages for failed logon attempts"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.windows.server.sbs)