Need Help WIth W2k3 Server and IIS

Need Help WIth W2k3 Server and IIS

am 03.08.2007 20:37:17 von buc

I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
looking through the security events audit. I noticed a large number of
FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
service. These audits have various logon user names like PETER, APPLE, ROOT,
LISA, MASTER, DOG and other random names. It has the sourceworkstation = the
computer name of my server, and it has an error code of 0xC0000064. I am
concerned. This happens for about a minute and stops during certain days.
What is this? Is it an inside or outside hijack. What can this do? Can it
control the computer.
Thanks
BUC

Re: Need Help WIth W2k3 Server and IIS

am 04.08.2007 04:19:20 von Steve Schofield

If the machine is exposed to the internet. These are standard scan / hack
attempts against your machine. If your machine is inside your network,
there might be a person infected with a virus scanning the network.

--

Best regards,

Steve Schofield
Windows Server MVP - IIS
http://weblogs.asp.net/steveschofield

http://www.IISLogs.com
Log archival solution.
Install, Configure, Forget

"BUC" wrote in message
news:%23oNiX1f1HHA.3536@TK2MSFTNGP06.phx.gbl...
>I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
> looking through the security events audit. I noticed a large number of
> FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
> service. These audits have various logon user names like PETER, APPLE,
> ROOT,
> LISA, MASTER, DOG and other random names. It has the sourceworkstation =
> the
> computer name of my server, and it has an error code of 0xC0000064. I am
> concerned. This happens for about a minute and stops during certain days.
> What is this? Is it an inside or outside hijack. What can this do? Can it
> control the computer.
> Thanks
> BUC
>

Re: Need Help WIth W2k3 Server and IIS

am 06.08.2007 19:17:03 von Roopesh K K

If this is a web server, open only necessary port...

Regards,
Roopesh

"Steve Schofield" wrote in message
news:#wSLf3j1HHA.4476@TK2MSFTNGP06.phx.gbl...
> If the machine is exposed to the internet. These are standard scan / hack
> attempts against your machine. If your machine is inside your network,
> there might be a person infected with a virus scanning the network.
>
> --
>
> Best regards,
>
> Steve Schofield
> Windows Server MVP - IIS
> http://weblogs.asp.net/steveschofield
>
> http://www.IISLogs.com
> Log archival solution.
> Install, Configure, Forget
>
> "BUC" wrote in message
> news:%23oNiX1f1HHA.3536@TK2MSFTNGP06.phx.gbl...
>>I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
>> looking through the security events audit. I noticed a large number of
>> FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
>> service. These audits have various logon user names like PETER, APPLE,
>> ROOT,
>> LISA, MASTER, DOG and other random names. It has the sourceworkstation =
>> the
>> computer name of my server, and it has an error code of 0xC0000064. I am
>> concerned. This happens for about a minute and stops during certain days.
>> What is this? Is it an inside or outside hijack. What can this do? Can it
>> control the computer.
>> Thanks
>> BUC
>>
>