logon type 3 attacks

Discussion in 'Server Security' started by sznycell, Jun 8, 2011.

  1. sznycell

    sznycell Guest

    Hi there
    Iam battling this issue for a while now and still can't figure out the
    source. Our server is getting bombarded with Logon type 3 attempts (9258
    last night).
    Is it possible that one of our workstations got compromised and is being
    used as entry point? Or is it a SMTP attack (this is a SBS 2003 server)?
    Process ID 1720 is inetinfo.exe
    Any help is appreciated, Thanks


    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: 1234
    Domain:
    Logon Type: 3
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: Our server name
    Caller User Name: Our server name$
    Caller Domain: Our domain name
    Caller Logon ID: (0x0,0x3E7)
    Caller Process ID: 1720
    Transited Services: -
    Source Network Address: -
    Source Port: -
     
    sznycell, Jun 8, 2011
    #1
    1. Advertisements

  2. sznycell

    pbarkann Guest

    I've got the same issue. I'm under attack (same as the rest of the computing world I suppose).....did you make any headway on this issue? I've also got 529's from a wide variety of other external IPs. I set up an IP Security rule to block all traffic from the IPs. The problem is, it isn't real time.....I read the logs then add the offending addresses. It's reactive, not proactive. OYE!

    Kindly let me know if you've found any solutions.
     
    pbarkann, Oct 23, 2012
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.