IS Someone trying to hack my server? How to protect it?
Hi, From yesterday onwards i am facing several logon failure events on my server. I believe someone is trying brute force attack on my server. I had the rdp port opened for my server so that i could take remote desktop my server from the internet, i believe that's the problem. This server is our main hosts and has many virtual machines running in it. Please suggest me a way to protect it. We are not in a domain environment and have static ip address. An account failed to log on. Subject: Security ID: SYSTEM Account Name: "ServerName"$ Account Domain: "MyDomain" Logon ID: 0x3e7 Logon Type: 10 Account For Which Logon Failed: Security ID: NULL SID Account Name: root Account Domain: "MyServerName" Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x11b0 Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ServerName Source Network Address: 210.212.232.3 (This ip changes from time to time, I tried ip lookup and ip trace information some originating from argentina, india(kerala) and taiwan) Source Port: 2519 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. Thanks and Regards Mohamed
May 14th, 2012 2:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics