Web server Security Issue

I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
looking through the security events audit. I noticed a large number of
FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
service. These audits have various logon user names like PETER, APPLE, ROOT,
LISA, MASTER, DOG and other random names. It has the sourceworkstation = the
computer name of my server, and it has an error code of 0xC0000064. I am
concerned. This happens for about a minute and stops during certain days.
What is this? Is it an inside or outside hijack. What can this do? Can it
control the computer. (launch web site, type in keyboards commands?
Thanks
BUC

Re: Web server Security Issue

On Aug 3, 5:31 pm, "buc" wrote:
> I have set up WEB server (Windows 2003 SP2 with IIS) to host a site. While
> looking through the security events audit. I noticed a large number of
> FAILURE AUDITS with the MICROSOFT_AUTHENTICATION_PACKAGE_V1 and KRBTGT\
> service. These audits have various logon user names like PETER, APPLE, ROOT,
> LISA, MASTER, DOG and other random names. It has the sourceworkstation = the
> computer name of my server, and it has an error code of 0xC0000064. I am
> concerned. This happens for about a minute and stops during certain days.
> What is this? Is it an inside or outside hijack. What can this do? Can it
> control the computer. (launch web site, type in keyboards commands?
> Thanks
> BUC


If you have a publicly available server, then you have to expect to
see people attempt to hack your user logins and fail. You cannot
really stop it, just like you cannot stop people from making mistakes
or typing in the wrong password. You can only harden the system and
monitor it.

At this point, you have insufficient evidence to be concerned. The
events have no relation to controlling the computer, etc.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//