Is someone trying to hack my server? How to protect it?
Hi,
Since yesterday I have been facing several logon failure events on my server. I believe someone is trying a brute-force attack on my server. I had the RDP port opened for my server so that I could remote desktop into my server from the internet; I believe that's the problem. This server is our main host and has many virtual machines running on it. Please suggest a way to protect it. We are not in a domain environment and have a static IP address.
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: "ServerName"$
Account Domain: "MyDomain"
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: root
Account Domain: "MyServerName"
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x11b0
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: ServerName
Source Network Address: 210.212.232.3
(This IP changes from time to time; I tried IP lookup and IP trace information, some originating from Argentina, India (Kerala) and Taiwan)
Source Port: 2519
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
Thanks and regards, Mohamed
May 14th, 2012 2:09am
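
A defensive triage sketch for the event pasted above, added as an example and not part of the original post: it parses the rendered text of failed-logon events, keeps the Logon Type 10 (RemoteInteractive, the type shown in the post) failures, and tallies attempts, tried account names and nonexistent-user hits per Source Network Address. The sample records, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

NO_SUCH_USER = "0xc0000064"  # Sub Status seen in the post: user name does not exist

# Constructed sample in the rendered layout from the post (fields trimmed).
# Addresses are RFC 5737 documentation ranges; host and account names are made up.
TEMPLATE = ("An account failed to log on.\nSubject:\nAccount Name: HOST01$\n"
            "Logon Type: {t}\nAccount For Which Logon Failed:\nAccount Name: {u}\n"
            "Sub Status: {s}\nSource Network Address: {ip}\n")
ROWS = [("10", "root", "0xc0000064", "203.0.113.7"),
        ("10", "admin", "0xc0000064", "203.0.113.7"),
        ("10", "Administrator", "0xc000006a", "198.51.100.20"),
        ("3", "backup", "0xc000006a", "192.0.2.15")]
SAMPLE = "".join(TEMPLATE.format(t=t, u=u, s=s, ip=ip) for t, u, s, ip in ROWS)

def _field(name, text):
    """Return the value after 'name:' on its own line, or None if absent."""
    m = re.search(rf"^[ \t]*{re.escape(name)}:[ \t]*(.*\S)", text, re.M)
    return m.group(1) if m else None

def parse_events(log_text):
    """Split rendered failed-logon text into one dict per event."""
    events = []
    for block in log_text.split("An account failed to log on.")[1:]:
        # "Account Name" appears twice; the failed account follows this header.
        target = block.split("Account For Which Logon Failed:", 1)[-1]
        events.append({
            "logon_type": _field("Logon Type", block),
            "account": _field("Account Name", target),
            "sub_status": (_field("Sub Status", block) or "").lower(),
            "source": _field("Source Network Address", block),
        })
    return events

def rdp_failures_by_source(events):
    """Tally Logon Type 10 (RemoteInteractive) failures per source address."""
    stats = defaultdict(lambda: {"attempts": 0, "accounts": set(), "unknown_users": 0})
    for e in events:
        if e["logon_type"] != "10":
            continue  # ignore failures that did not come in over remote desktop
        s = stats[e["source"]]
        s["attempts"] += 1
        s["accounts"].add(e["account"])
        s["unknown_users"] += e["sub_status"] == NO_SUCH_USER
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(rdp_failures_by_source(parse_events(SAMPLE)).items()):
        print(ip, s["attempts"], sorted(s["accounts"]), s["unknown_users"])
```

A source that cycles through several account names with mostly nonexistent-user sub-statuses, as in the post's `root` attempt, is guessing names rather than a legitimate user mistyping a password.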