It is possibly using tcp 80 to a page that requires authentication.
If so, find the IP from the IIS logs, or from the security event log,
and define a rule to block all traffic from that IP (and then later
remember to remove after they have given up and the IP has
possibly been released to someone else)
--
Roger Abell
Microsoft MVP (Windows Server : Security)
Re: admin ... to monitor and react to types of unwanted ...network activity.... If so, find the IP from the IIS logs, or from the security event log,... (microsoft.public.windows.server.security)
Audit policy doesnt record authentication if logins are minutes apart? ... I turn on local security settings -> local policies -> audit ... policy -> audit account logon events to record user authentication to ... a website I have on a windows 2000 server (authentication using AD). ... My question is why does the security event log record my first login ... (microsoft.public.win2000.security)
RE: Unable to Authenticate in IIS using Basic Authentication ... But the weird thing is I had the Security Event log to Overright events as ... > Failed to impersonate the Anonymous User for ASP Application ... > Using Basic Authentication no domain users can get authenticated. ... (microsoft.public.inetserver.iis)
Re: SITESERVER=ID=870827cf90603c171254741b02f10864 - ... That's not necessarily for authentication.... filter that tagged all requests for visit reporting as well. ... look for an ISAPI filter on the sites ... > My IIS logs are showing this attached to the end of the entries: ... (microsoft.public.inetserver.iis)
