logon type 3 attacks



Hi there
Iam battling this issue for a while now and still can't figure out the
source. Our server is getting bombarded with Logon type 3 attempts (9258
last night).
Is it possible that one of our workstations got compromised and is being
used as entry point? Or is it a SMTP attack (this is a SBS 2003 server)?
Process ID 1720 is inetinfo.exe
Any help is appreciated, Thanks


Logon Failure:
Reason: Unknown user name or bad password
User Name: 1234
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: Our server name
Caller User Name: Our server name$
Caller Domain: Our domain name
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1720
Transited Services: -
Source Network Address: -
Source Port: -

.