Web server Security Issue

From: "buc" <buc@xxxxxxx>
Date: Fri, 3 Aug 2007 19:31:01 -0500

I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
looking through the security events audit. I noticed a large number of
FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
service. These audits have various logon user names like PETER, APPLE, ROOT,
LISA, MASTER, DOG and other random names. It has the sourceworkstation = the
computer name of my server, and it has an error code of 0xC0000064. I am
concerned. This happens for about a minute and stops during certain days.
What is this? Is it an inside or outside hijack. What can this do? Can it
control the computer. (launch web site, type in keyboards commands?
Thanks
BUC

.

Follow-Ups:
- Re: Web server Security Issue
  - From: David Wang

Prev by Date: Re: Can't get to the select "process the pending request..." page
Next by Date: Re: Web server Security Issue
Previous by thread: Re: Can't get to the select "process the pending request..." page
Next by thread: Re: Web server Security Issue
Index(es):
- Date
- Thread

Relevant Pages

Re: Need Help
... looking through the security events audit. ... These audits have various logon user names like PETER, APPLE, ... and it has an error code of 0xC0000064. ... this means you have exposed authentication interfaces ...
(microsoft.public.windows.server.security)
Re: Web server Security Issue
... looking through the security events audit. ... FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\ ... These audits have various logon user names like PETER, APPLE, ROOT, ... control the computer. ...
(microsoft.public.inetserver.iis.security)
Need Help
... looking through the security events audit. ... FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\ ... These audits have various logon user names like PETER, APPLE, ROOT, ...
(microsoft.public.windows.server.general)