Re: Attempted Remote Logins
From: AVB (avanbaelen_at_macrotransport.com)
Date: 06/15/05
- Next message: Joe Richards [MVP]: "Re: disable ip address"
- Previous message: IPvFletch: "Problem with Machine Certs being used as User Certs"
- In reply to: Chris Weber [Security MVP]: "Re: Attempted Remote Logins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Jun 2005 07:29:00 -0700
Thank you very much Chris for the reply. I really appreciate it. Any
attempted hack is a serious issue and has been a top priority for me
this week. I have searched high and low and have not found a solid
solution. In response to your question:
It is an application server and a file server and a database
server......It's busy. Although it might take some time I don't mind
removing the Everyone group and manually adding each group that I want
to have access to it.
The 680 Events I referred to are Failure Audits and from workstations
that are not on my network. Aside from editing the Local Security
Policy can I block any port/s to stop them attempting to connect?
I have a Successfull 540 (from unknown External IPs and workstations)
then a 560 Failure: Image File LSASS.exe Accesses: Enumerated Domains.
Are they trying to get the domain name? Thanks again!
- Next message: Joe Richards [MVP]: "Re: disable ip address"
- Previous message: IPvFletch: "Problem with Machine Certs being used as User Certs"
- In reply to: Chris Weber [Security MVP]: "Re: Attempted Remote Logins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
