Re: What does this mean??? Event Log Scan

From: Birl (sbirl_at_temple.edu)
Date: 07/31/03

Next message: chris: "Re: ping, traceroute, nampwin doesnt seem to work"

Previous message: Adam Overlin: "RE: Cisco Workaround"
In reply to: Chance Orr: "What does this mean??? Event Log Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 31 Jul 2003 14:00:12 -0400 (EDT)
To: security-basics@securityfocus.com

As it was written on Jul 31, thus Chance Orr spake unto security-basics@sec...:

Chance: Date: 31 Jul 2003 04:41:15 -0000
Chance: From: Chance Orr <karismau@yahoo.com>
Chance: To: security-basics@securityfocus.com
Chance: Subject: What does this mean??? Event Log Scan
Chance:
Chance:
Chance:
Chance: 07/30/2003 23:49:02 612 Audit Policy Change Success audit Critical Security SYSTEM xxxxxxxxxx
Chance: 07/30/2003 23:49:02 540 Successful Network Logon Success audit Critical Security ANONYMOUS LOGON xxxxxxxxxx
Chance: 07/30/2003 23:49:24 680 Account Used for Logon Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance: 07/30/2003 23:49:24 529 LF: Bad user name/password Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance: 07/30/2003 23:49:33 680 Account Used for Logon Success audit Critical Security SYSTEM xxxxxxxxxx
Chance:
Chance: This appears in my event log everytime I start my pc. I am using a
Chance: firewall & XP-Home
Chance:
Chance: thanx

(disabled wrapping your message. You should try not to word-wrap logs.)

A code of 612 means that someone (in this case the SYSTEM account) was
successful in changing a Policy.

A code of 680 means that someone (not the SYSTEM account) tried to log
onto the computer but failed.
From my experience, there's insufficent data in this log entry to
determine what method the SYSTEM account was using to log into the
computer (Interactive, Network, Batch job, etc)

A code of 529 means that someone (not the SYSTEM account) tried to log
onto the computer but the wrong password was used.

For additional information, search http://support.microsoft.com/ for
"Security Event Description"

Thanks

Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: chris: "Re: ping, traceroute, nampwin doesnt seem to work"

Previous message: Adam Overlin: "RE: Cisco Workaround"
In reply to: Chance Orr: "What does this mean??? Event Log Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]