malicious sign on attempts
From: Alan Greenstein (alan@dozernet.com)
Date: 02/13/03
- Next message: C Chapin: "Re: password complexity"
- Previous message: Dmitri Gavrilov [MSFT]: "Re: ACL's and permissions viewed after Migrating from NT 4 domain... The twilight zone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alan Greenstein" <alan@dozernet.com> Date: Thu, 13 Feb 2003 09:55:03 -0800
We have been bombarded with remote sign-on attempts from
ficticious domains trying to find a userID/Password
combination that works. The event log is filled with
event 529 messages similar this:
User Name: administrator
Domain: PDIPOWER
Logon Type: 3
Login Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SRV1
Can anyone tell me how these attempted sign-ons are
sneaking in and how to prevent them. We do not use any
remote logins to our servers. Thanks.
- Next message: C Chapin: "Re: password complexity"
- Previous message: Dmitri Gavrilov [MSFT]: "Re: ACL's and permissions viewed after Migrating from NT 4 domain... The twilight zone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
