Logon Failure: Reason: Unknown user name or bad password - User Name: anonymous@ftp.microsoft.com

• Previous message: krygim: "Ecrypting a database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 5 Nov 2003 10:18:29 -0000

Hello all,

I've noticed on our SQL 2000 a jump in the number of Event 529 logs been
generated, with anonymous/malicious users trying to ftp into our server.

We have a 3Com DMZ firewall denying everything apart from whats needed and
Symantec AVP Corp Ed.
Also tightened down on Local security policies, but still we people trying
to attempt to FTP into our server.

Is there a way to stop this from happening?

Apart from shutting down the server or changing Public IP addresses until
these ppl find u again.

Many thx on your thoughts and comments.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 03/11/2003
Time: 23:33:57
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Logon Failure:
  Reason: Unknown user name or bad password
  User Name: anonymous@ftp.microsoft.com
  Domain: XAVIER
  Logon Type: 2
  Logon Process: IIS
  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Workstation Name: SERVER

• Previous message: krygim: "Ecrypting a database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]