Security logs...

I found about 3000 of these security entires this morning and am
concerned. I cannot ascertain if it is an outside attack of some sort if if
there is an IIS related service that has gone awry. The default adminsitrator
account has been changed, so I know this login is not correct. (Conversely, I
cannot track down what exactly is trying to log on.) These occured over about
a 3 hours period.
Any thoughts?

Thanks,
-SV

Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: PSG
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1712
Transited Services: -
Source Network Address: -
Source Port: -

Re: Security logs...

Unless I am mistaken, logon type 8 indicates NetworkCleartext
attempt to login as account PSG\Administrator
which in turns means you will probably have a very hard time
tracking down what was doing this.


"Vibbert" wrote in message
news:07C62FD9-7FE3-448F-8AD7-135AD4E4A92D@microsoft.com...
>I found about 3000 of these security entires this morning and am
> concerned. I cannot ascertain if it is an outside attack of some sort if
> if
> there is an IIS related service that has gone awry. The default
> adminsitrator
> account has been changed, so I know this login is not correct.
> (Conversely, I
> cannot track down what exactly is trying to log on.) These occured over
> about
> a 3 hours period.
> Any thoughts?
>
> Thanks,
> -SV
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: Administrator
> Domain: PSG
> Logon Type: 8
> Logon Process: IIS
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: SERVER
> Caller User Name: SERVER$
> Caller Domain: DOMAIN
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1712
> Transited Services: -
> Source Network Address: -
> Source Port: -