how to block intruder attack
From: Asanga (asanga@idnw.com)
Date: 08/12/02
- Next message: Ricardo M. Urbano - W2K/NT4 MVP: "Re: New User security questions"
- Previous message: David M. Streb, MCSE: "Administrator and Domain Administrator"
- Next in thread: karl [x y]: "Re: how to block intruder attack"
- Reply: karl [x y]: "Re: how to block intruder attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Asanga" <asanga@idnw.com> Date: Mon, 12 Aug 2002 08:31:12 -0700
I see on my security logs - login failed from workstation
that we don't recognize. How do I capture their IP and
block them from intruding the server further. Below is an
example from security log:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 8/11/2002
Time: 2:35:58 PM
User: NT AUTHORITY\SYSTEM
Computer: SMSWEBSVR
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: TRAVELMEDIA
Domain: WG47
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: \\SABRENET
- Next message: Ricardo M. Urbano - W2K/NT4 MVP: "Re: New User security questions"
- Previous message: David M. Streb, MCSE: "Administrator and Domain Administrator"
- Next in thread: karl [x y]: "Re: how to block intruder attack"
- Reply: karl [x y]: "Re: how to block intruder attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
