Re: Windows2000 Security event logs
From: Times Enemy (times_at_krr.org)
Date: 09/16/04
- Previous message: Marcos E. Rodriguez: "Re: Learning WAN technologies"
- In reply to: Dave Gonsalves: "Windows2000 Security event logs"
- Next in thread: Roger A. Grimes: "RE: Windows2000 Security event logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Sep 2004 16:50:02 -0700 (MST) To: <security-basics@securityfocus.com>
Greetings.
I have not personally dealt with this, but one source i often turn to,
other than Google, is EventID.net to get a better grasp of what the heck
MS is trying to tell me.
http://eventid.net/display.asp?eventid=576&eventno=58&source=Security&phase=1
Good luck!
ciao
.te
> Hi All,
>
> Has anyone seen this type of Windows Security Event Log activity before?
> This was found on multiple computers.... All within a 2 minute time
> frame...same username and domain.
>
> EVENT ID: 576
> Special privileges assigned to new logon:
> User Name: username
> Domain:
> Logon ID: (0x0,0x5F893A8)
> Assigned: SeChangeNotifyPrivilege
>
> EVENT ID: 540
> Successful Network Logon:
> User Name: username
> Domain: DOMAIN
> Logon ID: (0x0,0x5F893A8)
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name:
>
> EVENT ID: 538
> User Logoff:
> User Name: username
> Domain: DOMAIN
> Logon ID: (0x0,0x5F893A8)
> Logon Type: 3
>
> One of the computers provided a source IP address so I have checked the
> computer of the user in question for root kits, trojans, ect. It is
> fully patched and has AV up to date
>
> thanks,
> Dave
>
> ---------------------------------------------------------------------------
> Computer Forensics Training at the InfoSec Institute. All of our class
> sizes are guaranteed to be 12 students or less to facilitate one-on-one
> interaction with one of our expert instructors. Gain the in-demand
> skills of a certified computer examiner, learn to recover trace data
> left behind by fraud, theft, and cybercrime perpetrators. Discover the
> source of computer crime and abuse so that it never happens again.
>
> http://www.infosecinstitute.com/courses/computer_forensics_training.html
> ----------------------------------------------------------------------------
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
- Previous message: Marcos E. Rodriguez: "Re: Learning WAN technologies"
- In reply to: Dave Gonsalves: "Windows2000 Security event logs"
- Next in thread: Roger A. Grimes: "RE: Windows2000 Security event logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
