Frequent Security 560 Events
From: Dave Adams (dda2e@hotmail.com)
Date: 05/29/02
- Next message: Daniel Wilson: "Re: Logging time is not consistent with system time"
- Previous message: Egbert Nierop \(MVP for IIS\): "Re: Hacked... Yeah I know "You told me so""
- Next in thread: Daniel Wilson: "Re: Frequent Security 560 Events"
- Reply: Daniel Wilson: "Re: Frequent Security 560 Events"
- Reply: Scott Stahlman [MS]: "RE: Frequent Security 560 Events"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: dda2e@hotmail.com (Dave Adams) Date: 29 May 2002 06:04:56 -0700
My IIS box is sending out hundreds of Event 560 security events that
look like this:
Object Open:
Object Server: Security
Object Type: WindowStation
Object Name: \Windows\WindowStations\Service-0x0-3e7$
New Handle ID: -
Operation ID: {0,15031269}
Process ID: 2160527904
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: IUSR_MACHINE
Client Domain: MYSERVER
Client Logon ID: (0x0,0x5D4F)
Accesses Access global atoms
Privileges -
Does anyone have any ideas what it's trying to do? My guess is
someone is trying to hack me, or has already done so. Any other
ideas? Thanks in advance.
- Next message: Daniel Wilson: "Re: Logging time is not consistent with system time"
- Previous message: Egbert Nierop \(MVP for IIS\): "Re: Hacked... Yeah I know "You told me so""
- Next in thread: Daniel Wilson: "Re: Frequent Security 560 Events"
- Reply: Daniel Wilson: "Re: Frequent Security 560 Events"
- Reply: Scott Stahlman [MS]: "RE: Frequent Security 560 Events"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
