Mystery Logins

Tutorials Win: Microsoft Windows Forum

NG,

I see messages like this occasionally. Should I be concerned about this
attempt at unauthorized access or is this related to the system in some way?

Logon Failure:
Reason: Unknown user name or bad password
User Name: webmaster
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: xxxxxxx
Caller User Name: xxxxxx
Caller Domain: <domain name>
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 11840
Transited Services: -
Source Network Address: -
Source Port: -

--
Thanks,
Bill V
SBS ROCKS!
http://www.adelphiaseafood.com
http://sbsbill.blogspot.com/
Top

Re: Mystery Logins by Cris

Cris
Tue May 06 09:18:52 PDT 2008

This is a multi-part message in MIME format.

------=_NextPart_000_032C_01C8AF6A.F724FE10
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

Not unusual to see
Just make sure that only the following ports are open to your server
25 - for email
443 - https for OWA and RWW
444 - https ONLY needs to be open if sharepoint/companyweb will be =
exposed to the world
4125 - RWW
3389 - if you want direct RDP connection to the server

And of course strong passwords

Doesn't mean they won't keep trying

--=20
Cris Hanna [SBS-MVP]
------------------------------------------
MVPs Do Not Work For Microsoft
-----------------------------------------------------
Please do not contact me directly. Please post only in the newsgroup so =
all can benefit


"Bill Vogel" <BillVogel@discussions.microsoft.com> wrote in message =
news:AE94FBAC-80E5-4C37-B734-31CD86C5935D@microsoft.com...
NG,

I see messages like this occasionally. Should I be concerned about this=20
attempt at unauthorized access or is this related to the system in some =
way?

Logon Failure:=20
Reason: Unknown user name or bad password=20
User Name: webmaster=20
Domain: =20
Logon Type: 3=20
Logon Process: Advapi=20
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0=20
Workstation Name: xxxxxxx =20
Caller User Name: xxxxxx
Caller Domain: <domain name>
Caller Logon ID: (0x0,0x3E7)=20
Caller Process ID: 11840=20
Transited Services: -=20
Source Network Address: -=20
Source Port: -=20

--=20
Thanks,
Bill V
SBS ROCKS!
http://www.adelphiaseafood.com
http://sbsbill.blogspot.com/
------=_NextPart_000_032C_01C8AF6A.F724FE10
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.2900.5512" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Not unusual to see</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Just make sure that only the following =
ports are=20
open to your server</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>25 - for email</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>443 - https for OWA and =
RWW</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>444 - https ONLY needs to be open if=20
sharepoint/companyweb will be exposed to the world</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>4125 - RWW</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>3389 - if you want direct RDP =
connection to the=20
server</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>And of course strong =
passwords</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Doesn't mean they won't keep =
trying</FONT></DIV>
<DIV><BR>-- <BR>Cris Hanna=20
[SBS-MVP]<BR>------------------------------------------<BR>MVPs Do Not =
Work For=20
Microsoft<BR>-----------------------------------------------------<BR>Ple=
ase do=20
not contact me directly.&nbsp; Please post only in the newsgroup so all =
can=20
benefit</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>"Bill Vogel" &lt;<A=20
href=3D"mailto:BillVogel@discussions.microsoft.com">BillVogel@discussions=
.microsoft.com</A>&gt;=20
wrote in message <A=20
href=3D"news:AE94FBAC-80E5-4C37-B734-31CD86C5935D@microsoft.com">news:AE9=
4FBAC-80E5-4C37-B734-31CD86C5935D@microsoft.com</A>...</DIV>NG,<BR><BR>I =

see messages like this occasionally. Should I be concerned about this=20
<BR>attempt at unauthorized access or is this related to the system in =
some=20
way?<BR><BR>Logon Failure: <BR>&nbsp; Reason: Unknown user name or bad =
password=20
<BR>&nbsp; User Name: webmaster <BR>&nbsp; Domain:&nbsp;&nbsp; =
<BR>&nbsp; Logon=20
Type: 3 <BR>&nbsp; Logon Process: Advapi <BR>&nbsp; Authentication =
Package:=20
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 <BR>&nbsp; Workstation Name: =
xxxxxxx&nbsp;=20
<BR>&nbsp; Caller User Name: xxxxxx<BR>&nbsp; Caller Domain: &lt;domain=20
name&gt;<BR>&nbsp; Caller Logon ID: (0x0,0x3E7) <BR>&nbsp; Caller =
Process ID:=20
11840 <BR>&nbsp; Transited Services: - <BR>&nbsp; Source Network =
Address: -=20
<BR>&nbsp; Source Port: - <BR><BR>-- <BR>Thanks,<BR>Bill V<BR>SBS =
ROCKS!<BR><A=20
href=3D"http://www.adelphiaseafood.com">http://www.adelphiaseafood.com</A=
><BR><A=20
href=3D"http://sbsbill.blogspot.com/">http://sbsbill.blogspot.com/</A></B=
ODY></HTML>

------=_NextPart_000_032C_01C8AF6A.F724FE10--

Top