Hi all,
For the past two weeks we have been getting remote attacks on our server. This is an example of an entry in the event viewer:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 16/02/2014
Time: 13:11:24
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: exim
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: XXXXXX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1692
Transited Services: -
Source Network Address: -
Source Port: -
Can anyone advise on how to block this? Any advice would be greatly appreciated!! Please help!
