logon type 3 attacks



Hi there
I have been battling this issue for a while now and still can't figure out the
source. Our server is getting bombarded with Logon type 3 attempts (9258
last night).
Is it possible that one of our workstations got compromised and is being
used as an entry point? Or is it an SMTP attack (this is a SBS 2003 server)?
Process ID 1720 is inetinfo.exe
Any help is appreciated, Thanks


Logon Failure:
Reason: Unknown user name or bad password
User Name: 1234
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: Our server name
Caller User Name: Our server name$
Caller Domain: Our domain name
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1720
Transited Services: -
Source Network Address: -
Source Port: -
