Weird Windows logon attempts
From: Harry Hoffman (hhoffman@ip-solutions.net)
Date: 02/24/03
- Previous message: Christopher Hummert: "RE: Weird Profile in Documents and Settings"
- Next in thread: Jacco Tunnissen: "Re: Weird Windows logon attempts"
- Reply: Jacco Tunnissen: "Re: Weird Windows logon attempts"
- Maybe reply: Bojan Zdrnja: "Re: Weird Windows logon attempts"
- Maybe reply: Terence Runge: "RE: Weird Windows logon attempts"
- Reply: H C: "Re: Weird Windows logon attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Feb 2003 13:27:54 +1300 From: Harry Hoffman <hhoffman@ip-solutions.net> To: incidents@securityfocus.org
Hi All,
We have just setup ntsyslog from sourceforge.net. Our security policy is to log
events on failure and we have just started seeing the below events. After
talking with the users we are pretty sure that they are not attempting to access
the services. And they don't have accounts on that system.
Has anyone seen this? They are 2k/XP boxes. Does Windows 2k/XP automagically try
to find out what services are accessible?
Any insight would be great.
The username has been changed to USERNAME to protect, the hopefully, innocent.
Thanks,
Harry
Feb 22 13:27:49 exchange.auckland.ac.nz/exchange.auckland.ac.nz
security[failure] 681 NT AUTHORITY\SYSTEM The logon to account: USERNAME by:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: G731-220-4 failed. The
error code was: 3221225572
Feb 22 13:27:49 exchange.auckland.ac.nz/exchange.auckland.ac.nz
security[failure] 681 NT AUTHORITY\SYSTEM The logon to account: USERNAME by:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: G731-220-4 failed. The
error code was: 3221225572
-- Harry Hoffman ITSS Systems Team Leader University of Auckland hhoffman@auckland.ac.nz hhoffman@ip-solutions.net STANDARD DISCLAIMER: ********************************************** *This universe shipped by weight, not volume.* *Some expansion may have occured in shipping.* ********************************************* ------------------------------------------------- This mail sent through IpSolutions: http://www.ip-solutions.net/ ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
- Next message: Jacco Tunnissen: "Re: Weird Windows logon attempts"
- Previous message: Christopher Hummert: "RE: Weird Profile in Documents and Settings"
- Next in thread: Jacco Tunnissen: "Re: Weird Windows logon attempts"
- Reply: Jacco Tunnissen: "Re: Weird Windows logon attempts"
- Maybe reply: Bojan Zdrnja: "Re: Weird Windows logon attempts"
- Maybe reply: Terence Runge: "RE: Weird Windows logon attempts"
- Reply: H C: "Re: Weird Windows logon attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
