Failed Logins from external addresses
Hi,I recently started a trial GFI/MaxFocus RMM software. It high-lighted a couple of servers getting numerous failed logins. One of these, a 2008 R2 64 bit server, is getting between 4 and 5,000 failed logins daily. The login attempts originate from IP addresses in numerous European countries and the US, and on varying ports.The server sits behind a SonicWall TZ 205. It would be useless to block IP addresses as the login attempts are from constantly changing sources. There is a branch office that makes terminal connections to this server, and the GFI software is using some port or ports for its service. The server gets Windows updates periodically. Those are the only services I am aware that require communication of this server with the outside world.I can specifically allow ports required by these services with the outside at the...
This topic first appeared in the Spiceworks Community
You should adapt the menu.lst of the backed up OS like this:
# (0) Arch Linux
title Arch Linux
root (hd1,0)
kernel /boot/vmlinuz-linux root=/dev/sdb1 ro
initrd /boot/initramfs-linux.img
explanation:
- Your root should be (hd1,0) because the external disc is the second hard disc (assuming root=/dev/sdb1 is correct).
- The kernel and initrd line should have /boot, because you don't have a seperate boot partition.
Also, you didn't adapt your fstab of the backed up hard disk. In particular, you have to remove the entries for /boot, /home and swap. The entry of root file system is also wrong, because you still have the old UUID in it:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sdb1 / ext4 defaults 0 1
Finally, I think not following the excludes in the wiki will also cause problems.
Similar Messages
-
Proxy login from externally authenticated user
Hi Experts,
I created an externally authenticated user in database. And can login without password with below syntax.
SQL> connect / @TESTDB
Connected.
SQL> show user;
USER is "SCOTT"
This scott user has a proxy permission to another DBuser PROXY_USER.
I got the syntax but that works only from Database OS.
sqlplus [proxy_user]/
SQL*Plus: Release 11.1.0.6.0 Production on Mon Nov 15 16:28:47 2010
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.1.0.6.0 - 64bit Production
I can connect as externally authenticated user from windows CLIENT running on Release 10.2.0.1.0
SQL> connect / @TESTDB
Connected.
But the above mentioned Proxy connectivity syntax fails with below from CLIENT
SQL> connect [proxy_user]/ @TESTDB
SP2-0306: Invalid option.
Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER}]
where <logon> ::= <username>[<password>][@<connect_identifier>] | /
But the same syntax works from Database OS!
I can login from TOAD but can't login from SQLDEVELOPER or SQLPLUS
My sqldeveloper version is:
Version 2.1.1.64
Build MAIN-64.45
and sqlplus is:
SQL*Plus: Release 10.2.0.1.0
Any idea?
Thanks.
Edited by: Nadvi on Nov 18, 2010 3:09 PMHi Nadvi
If you get SQLPLUS working SQLDeveloper (thick jdbc/oci/instant client) is certainly worth trying.
I am not sure what is the issue with your setup the proxy usecases I am familiar with are:
Through the SQLDeveloper ui
There are two ways of doing proxy logins:
where p1 is proxy user and c1 is proxy client:
1/single session method (if no 2nd password or distinguished name required)
on main connection popup
user: p1[c1]
password: p1
2/Two session method
Main Connection popup
user: p1
password p1
popup connection authentication
proxy client: c1
none or password or distinguished name
-Turloch
SQLDeveloper Team -
User is not able to Login from external supplier, using the WSS (ICH)
Hi Gurus,
The user is not able to login to the server externally from url.
dev_icm is giving below warnings:
[Thr 11052] IcmWatchDogThread: watchdog started
[Thr 11309] ** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do
not trust any intermediary*
X.509 cert data will be removed from header [http_plg_mt. 720]
[Thr 11309] =================================================
[Thr 11309] = SSL Initialization on IBM RS/6000 with AIX
[Thr 11309] = (700_REL,May 3 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 11309] profile param "ssl/ssl_lib" = "/usr/sap/SCA/SYS/exe/run/libsapcrypto.o"
resulting Filename = "/usr/sap/SCA/SYS/exe/run/libsapcrypto.o"
[Thr 11309] = found SAPCRYPTOLIB 5.5.5C pl16 (Jun 10 2004) MT-safe
[Thr 11309] = current UserID: "scaadm", env-var USER="scaadm"
[Thr 11309] = using SECUDIR=/usr/sap/SCA/DVEBMGS41/sec
[Thr 11309] = secudessl_Create_SSL_CTX(): PSE "/usr/sap/SCA/DVEBMGS41/sec/SAPSSLA.pse" not found,
[Thr 11309] = using PSE "/usr/sap/SCA/DVEBMGS41/sec/SAPSSLC.pse" as fallback
[Thr 11309] = Success -- SapCryptoLib SSL ready!
[Thr 11309] =================================================
HTTPS (SSL) settings are as below, i think which means that no ssl certifiacts are required.
icm/HTTPS/verify_client = 0
Kindly help urgently.
regards,
MJthis is SCM system.
SSL CA's are set.
what should be value of the parameters?
icm/HTTPS/trust_ client_with_ issuer or
icm/HTTPS/trust_ client_with_ subject
http and https ssl conections are correctly set.
I think the SAPSSLA. pse" not found, is not the problem as the parameter icm/HTTPS/verify_ client = 0 is set, it means that no ssl certifiacts are required.
problem is coming when the system is being accessed from externally using other secure domain name.
the system is being accessed ok from web urs which is internal, but not external.
for example in strust tcode the domain name is *abc.com, which is running fine when accessing the system internally.
but when the user is accessing this sytem from other secure login from *xyz.com, which is also the same companys domain, then the user not able to login, its showing errir. -
Hi
It has been reported than an external person is unable to email one of our staff and is getting this bounceback.
The problem is, this member of staff has been here for year, emails works fine for everyone else etc, any ideas of the cause of the problem? We are using exchange 2010 fwiw
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients.
This is a permanent error. The following address(es) failed: [email protected]Hi,
I think the sender should check their exchange if there are any problems first.
Accroding to your description, it seems that this is not your problem.
Thanks.
Niko Cheng
TechNet Community Support -
Secondary email addresses fail login from abroad
From France the primary email address logs in to webmail OK, all the secondaries fail.
Ani ideas please?it's a webmail issue (connection to that server or not) not a broadband issue. Lots of the wrong type of issue are posted here but since you did not get a reply it is worth posting in the correct forum and that way you are more likely to be helped basically.
If my post was helpful then please click on the Ratings star on the left-hand side If the the reply answers your question fully then please select ’Mark as Accepted Solution’ -
Exchange 2010 Mail Enabled Distribution Group Won't Receive from External Address
Let me pre-empt the usual first response: yes, I've unchecked "require that all senders are authenticated" on the Message delivery Restrictions properties of Message Delivery Restrictions. I cannot get a message from an external mail server to
send to an internal mail-enable distribution group. It's working internally. I've checked our ironport and the message is being sent to exchange (at least I think it is).
How can I troubleshoot this?!
tfgeorgeIronport is definitely sending this email to exchange. Please read:
06 Jun 2011 08:53:20 (GMT -05:00)
Protocol SMTP interface Main Interface (IP Gateway IP) on incoming connection (ICID 17720578) from sender IP 65.54.190.154. Reverse DNS host bay0-omc3-s16.bay0.hotmail.com verified yes.
06 Jun 2011 08:53:20 (GMT -05:00)
(ICID 17720578) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:6.0] SBRS 3.0
06 Jun 2011 08:53:20 (GMT -05:00)
Start message 2136865 on incoming connection (ICID 17720578).
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 enqueued on incoming connection (ICID 17720578) from
[email protected].
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 on incoming connection (ICID 17720578) added recipient ([email protected]).
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 contains message ID header '<[email protected]>'.
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 original subject on injection: TEST
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 (1471 bytes) from
[email protected] ready.
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 matched per-recipient policy DEFAULT for inbound mail policies.
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 scanned by Anti-Spam engine: CASE. Interim verdict: Negative
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 scanned by Anti-Spam engine CASE. Interim verdict: definitely negative.
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 scanned by Anti-Spam engine: CASE. Final verdict: Negative
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 scanned by Anti-Virus engine. Final verdict: Negative
06 Jun 2011 08:53:20 (GMT -05:00)
Message 2136865 queued for delivery.
06 Jun 2011 08:53:20 (GMT -05:00)
SMTP delivery connection (DCID 1658840) opened from IronPort interface 100.100.100.100 to IP address 100.100.100.100 on port 25.
06 Jun 2011 08:53:20 (GMT -05:00)
(DCID 1658840) Delivery started for message 2136865 to
[email protected].
06 Jun 2011 08:53:21 (GMT -05:00)
(DCID 1658840) Delivery details: Message 2136865 sent to
[email protected]
06 Jun 2011 08:53:21 (GMT -05:00)
Message 2136865 to
[email protected] received remote SMTP response '2.6.0 <[email protected]> [InternalId=919833] Queued mail for delivery'.
tfgeorge -
Failed booting from external usb hdd
Hey Community!
I struggle at backing up my arch linux operation system. I found this instruction but for newbies as me it seems to be a little bit hard to follow:
Full_System_Backup_with_rsync
The backup itself with rsync and the installation of GRUB bootloader seemed to be successful, but if I plug in the external hdd in another PC and boot from it, GRUB fails with ERROR 21.
I think, that my menu.lst is somehow incorrect. What I did:
full rsync to /mnt/usbHDD (mounted from /dev/sdb1)
my external hard disk is partitioned like that:
|| 160 gb ext4, sdb1 | UNUSED rest ||
blkid gives me that:
/dev/sda1: UUID="8f7f3e77-8acb-4724-862a-6c9678cadd29" TYPE="ext2"
/dev/sda2: UUID="c21b9563-ebf9-4b28-882d-fd8322693627" TYPE="swap"
/dev/sda3: UUID="78aad592-62d5-4752-8e04-50f17ff19705" TYPE="ext4"
/dev/sda4: UUID="b5cba3a9-5009-485f-b53c-6be526b51f55" TYPE="ext4"
/dev/sdc1: LABEL="storageHDD" UUID="49afd07d-1c11-448f-9b06-f7477cbe1b7c" TYPE="ext4"
The /etc/fstab of the original OS is:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
UUID=78aad592-62d5-4752-8e04-50f17ff19705 / ext4 defaults 0 1
UUID=8f7f3e77-8acb-4724-862a-6c9678cadd29 /boot ext2 defaults 0 1
UUID=b5cba3a9-5009-485f-b53c-6be526b51f55 /home ext4 defaults 0 1
UUID=c21b9563-ebf9-4b28-882d-fd8322693627 swap swap defaults 0 0
The /boot/grub/menu.lst of the original OS is:
# general configuration:
timeout 5
default 0
color light-blue/black light-cyan/blue
# (0) Arch Linux
title Arch Linux
root (hd0,0)
kernel /vmlinuz-linux root=/dev/disk/by-uuid/78aad592-62d5-4752-8e04-50f17ff19705 ro
initrd /initramfs-linux.img
# (1) Arch Linux
title Arch Linux Fallback
root (hd0,0)
kernel /vmlinuz-linux root=/dev/disk/by-uuid/78aad592-62d5-4752-8e04-50f17ff19705 ro
initrd /initramfs-linux-fallback.img
The /etc/fstab of the backed up (on hdd) OS is:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
UUID=78aad592-62d5-4752-8e04-50f17ff19705 / ext4 defaults 0 1
UUID=8f7f3e77-8acb-4724-862a-6c9678cadd29 /boot ext2 defaults 0 1
UUID=b5cba3a9-5009-485f-b53c-6be526b51f55 /home ext4 defaults 0 1
UUID=c21b9563-ebf9-4b28-882d-fd8322693627 swap swap defaults 0 0
The /boot/grub/menu.lst of the backed up (on hdd) OS is:
# (0) Arch Linux
title Arch Linux
root (hd0,0)
kernel /vmlinuz-linux root=/dev/sdb1 ro
initrd /initramfs-linux.img
# (1) Arch Linux
title Arch Linux Fallback
root (hd0,0)
kernel /vmlinuz-linux root=/dev/sdb1 ro
initrd /initramfs-linux-fallback.img
I don't have a clue what to change, since it is not clearly specified in the wiki...I followed exactly the instructions in the wiki, besides the include and excludes for rsync but that doesnt really matter
Appreciate your help
Last edited by athal (2012-06-25 21:09:16)You should adapt the menu.lst of the backed up OS like this:
# (0) Arch Linux
title Arch Linux
root (hd1,0)
kernel /boot/vmlinuz-linux root=/dev/sdb1 ro
initrd /boot/initramfs-linux.img
explanation:
- Your root should be (hd1,0) because the external disc is the second hard disc (assuming root=/dev/sdb1 is correct).
- The kernel and initrd line should have /boot, because you don't have a seperate boot partition.
Also, you didn't adapt your fstab of the backed up hard disk. In particular, you have to remove the entries for /boot, /home and swap. The entry of root file system is also wrong, because you still have the old UUID in it:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sdb1 / ext4 defaults 0 1
Finally, I think not following the excludes in the wiki will also cause problems. -
Hi All
I have an existing website. As part of that website I have an area that customers can enter a username and password and login.
How can I redirect that login button to log into my webtools database
Regards
VincentCode:Other users have used a "single sign on" sort of solution. The code below is put into an ASPX page in the plug-ins directory the page is then called from a form on the existing website.
Here is the code:
>
> protected void Page_Load(object sender, System.EventArgs e)
> {
> string password = "cex2006";
> string returnto = "~/common/accounts/myaccount.aspx";
> if (Request.Form["userid"] != null) {
> if (Request.Form["password"] != null && >Request.Form["password"] == password) {
> NPUser u = new NPUser(Request.Form["userid"]);
> NPAccount a = new NPAccount(u.AccountID);
> if (u.Initialized) {
> if (u.ActiveFlag && a.Active) {
> base.Login(u.UserID, u.AccountID);
> u.MarkLogin(base.Request.UserHostAddress);
> u.ResolveCarts(base.SessionID);
> Response.Redirect(returnto);
> } else {
> Response.Write("Account Locked");
> }
> } else {
> Response.Write("User not In System");
> }
> } else {
> Response.Write("No master password specified or
> master password incorrect");
> }
> } else {
> Response.Write("No userid specified");
> }
> }
>
>
> -
Sending to Distribution Groups from External Addresses
Hi,
I am trying to send to a EX2013 Distribution list from the outside world. The list contains both internal users and external contacts. If I send it from internally the list gets send out correctly, if i try and send it out from the outside world only internal
users receive the emails but there is no errors or NDRs to tell me why.
I have allowed '<label for="ResultPanePlaceHolder_EditMailGroup_deliveryManagementSection_contentContainer_rblRequireSenderAuthentication_1" id="ResultPanePlaceHolder_EditMailGroup_deliveryManagementSection_contentContainer_rblRequireSenderAuthentication_1_label">Senders
inside and outside of my organization' in the Delivery Management tab.</label>
I do use GFI which shows the emails but just says OK so it doesn't seem like its that which is the issue.
Can anyone help please. I did do a Powershell but cannot remember what it was.Hi ,
On my side i will not prefer ecp for message tracking. Instead i will prefer EMS.
Below command will be used on the exchange management shell to have a grid-view on the output.
Get-TransportService | Get-MessageTrackingLog -Sender "external user" -ResultSize unlimited -MessageSubject "test" | Select-Object eventid,sender,timestamp,@{Name="Recipients";Expression={$_.recipients}},@{Name="RecipientStatus";Expression={$_.recipientstatus}},messagesubject
| Out-GridView
(or)
Below command will be used on the exchange management shell to have the output on the csv file.
Get-TransportService | Get-MessageTrackingLog -Sender "External user" -ResultSize unlimited -MessageSubject "test" | Select-Object eventid,sender,timestamp,@{Name="Recipients";Expression={$_.recipients}},@{Name="RecipientStatus";Expression={$_.recipientstatus}},messagesubject
| Export-csv c:\nithya.csv
Reference
Link for message tracking : http://exchangeserverpro.com/exchange-2010-message-tracking-log-search-powershell/
Thanks & Regards S.Nithyanandham -
Problem with failed logins for "Workstation" objects
All
I am currently seeing an issue in my environment since an upgrade of the
workstation ZENworks client to 6.5.
Basically our environment was all ZEN 3.2, over the last month we have
been force upgrading each site to ZENworks 6.5 for clients through the
login script. Since then we have had failed logins from various
workstations and the only way to resolve the issue, currently, is to
delete the workstation object and let it re-create itself which does
resolve the issue.
From a site perspective I am not in a position to delete 2000 workstaion
objects so they can re-register into the tree so I was wondering if
anyone had seen anything like this and knew how to resolve it?
Current count on Health Monitor:
Failed Logins Per Hour 3038 6096 N/A
Example Error:
Time: Monday, 27-11-2006 9:18 am
Address: IP 165.198.211.58
User: .CN=PUKWUL01523.OU=WKSTS.OU=THEALE.OU=UK.O=FLE.T=F LE-NDS.
I was thinking it may be a rights issues of some sort but any help
greatly received!!!!!
Paul> OK, we have tried that and it didnt work unfortunatly, we have also added
> public rights to the workstation container to see if it was a rights
> issue of some sort but again this didnt work.
>
> Paul
I did see this issue a while ago when moving from 3.2 to 6.5
What I might suggest is trying to force the upgraded PCs to create "new"
workstation objects.
As part of the upgrade process, unregister the Workstation Objects 1st,
then run the agent install. Have the ZFD7 Import policy create the
workstation Objects with a slight different name or in a slightly different
location.
I dont recall the details exactly so I wont say too much since I will not
have the facts 100% correctly, but it was an issue in which the old
workstation objects would lose the ability to authenticate after a few days
because of a switch in the WS Manager.
By having new objects made, the issue would be avoided.
The old ones should go aways shortly due to automatic workstation cleanup. -
Can't access apache webserver from external IPs with 10.5.5
I've just setup a new install of 10.5.5. I have one website configured on port 443 with SSL enabled. It all works fine internally.
My router forwards external requests on 443 on to the local machine (192.168.5.1) which I can see working as the server's firewall is logging the access as accepted:
Nov 24 19:37:10 server ipfw[4657]: 12308 Accept TCP 82.132.136.215:58095 192.168.5.1:443 in via en0
So neither the router nor the OS X server firewall is blocking the request, but the webserver is not responding. There is no mention of the access request in the apache access or error log.
As mentioned, the server is working perfectly from local IPs on the same subnet. netstat shows this setup for port 443:
tcp46 0 0 *.443 . LISTEN
Any one any ideas on what I can do to diagnose this? I had this working perfectly with OS X client's apache but since installing the server version I have no access from external IPs.
Cheers
RussellHi Harry, as expected, telnet server 22 works and responds with
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1
But telnetting to 443 fails to connect after a minute or so and responds with
telnet: connect to address XX.XX.XX.XX: Operation timed out
telnet: Unable to connect to remote host
It may well be something to do with my IP setup. Internally, my network is on 192.168.5.X/255.255.255.0. My server is 192.168.5.1 and also provides internal DNS. Telnet works from internal IPs.
Externally I have a static IP and external DNS requests resolve to this static IP (as I can ssh to myserver.mydomain.com from external addresses and 'host myserver.mydomain.com' returns the correct info).
Perhaps Apache isn't responding because its seeing a request to the external IP address coming in, but I thought setting the site to respond to address 'any' should over come this. It worked fine with the client.
Cheers
Russell -
SQL Failed login Report - SSRS or HTML
Working on to create SSRS or HTMl Report for Failed Login from more then one server.
1) Get all Failed login information with server name and store it into one table
2) Create SSRS report.
Or If anyone has better script and Idea..
Thanks
Please Mark As Answer if it is helpful. \\Aim To Inspire Rather to Teach A.ShahHi,
You can use the sp_readerrorlog to get the current error log and only return failed logins. See:
Auditing Failed Logins in SQL Server
Simply, you can add multiple data sources and datasets with sp_readerrorlog stored procedure. The number of them depends on the number of SQL Servers which you want to audit. And add multiple tables in your report with the corresponding datasets in your
report.
You can use PowerShell to retrieve the information from multiple servers. It is similar to the method which mentioned in the following articles:
Check the Last SQL Server Backup Date using Windows PowerShell
http://www.mssqltips.com/sqlservertip/1784/check-the-last-sql-server-backup-date-using-windows-powershell/
Retrieve a List of SQL Server Databases and their Properties using PowerShell
http://www.mssqltips.com/sqlservertip/1759/retrieve-a-list-of-sql-server-databases-and-their-properties-using-powershell/
Automate collection and saving of failed logins for SQL Server
http://www.mssqltips.com/sqlservertip/1750/automate-collection-and-saving-of-failed-logins-for-sql-server/
Hope the information helps.
Tracy Cai
TechNet Community Support -
Hello,
I have create a an external content type .
I Choose "Connect with user's Identity".
I create a external list that uses the ExternalContentType.
When I try open the external list from browser by User "TestUser" . I get the following error "Message from External System : 'Login failed for user 'NT AUTHORITY\IUSR'.'"
My Question :
I need to know why pass the credential "NT AUTHORITY\IUSR" to connect to the data base not the
current log in"TestUser" ? How Can I solve it ?
Thanks
Hema
ASkHi,
did you configure Kerberos delegation?
NTLM fails when you try to open external list from client computer, because SharePoint cannot pass user's identity - "Double Hop" issue.
Take a look at confguring Kerberos for SharePoint 2010 white paper
Download Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products from Official Microsoft Download Center
http://www.microsoft.com/en-us/download/details.aspx?id=23176
Robi MCT Kompas Xnet d.o.o. Ljubljana | blog: http://xblogs.kompas-xnet.si | website: http://www.kompas-xnet.si
Slovenia
Please vote if you find reply useful or mark it as answer.
Thank you -
Our Windows 2008R2 security log is full of failed login attempt events 4776, but we're unable to block them because no IP address is provided for the network source of these attempts - like it was in Windows 2003 Server.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/26/2012 2:32:27 AM
Event ID: 4776
Task Category: Credential Validation
Level: Information
Keywords: Audit Failure
User: N/A
Computer: MAIL.XYZ.COM
Description:
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: admin
Source Workstation: MAIL
Error Code: 0xc0000064
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4776</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>14336</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2012-09-26T06:32:27.570062500Z" />
<EventRecordID>18318</EventRecordID>
<Correlation />
<Execution ProcessID="452" ThreadID="540" />
<Channel>Security</Channel>
<Computer>MAIL.XYZ.COM</Computer>
<Security />
</System>
<EventData>
<Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
<Data Name="TargetUserName">admin</Data>
<Data Name="Workstation">MAIL</Data>
<Data Name="Status">0xc0000064</Data>
</EventData>
</Event>The user names are all different in these log events, and they constantly change, which may indicate a hacking attempt. However, in Windows 2003 these type of events looked like this, showing the IP address the request came from, so we could trace
and block them -- but not in Windows 2008:
Logon Failure:
Reason: Unknown user name or bad password
User Name: s
Domain: MAIL
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: MAIL
Caller User Name: MAIL$
Caller Domain: XXXX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 3728
Transited Services: -
Source Network Address: 202.67.170.186
Source Port: 57365 -
How to get control over the ports/port forwarding etc in Airport Extreme?
How to make AE drop packets to certain ports from external ports. Or create whitelist/blacklists?
I figured out where the MAC filtering is! (It is inside the Timed Access Control). I wish it had a list of connected device and allowed me to select, name and add them.
I am getting requests from Chinese IP to the screen sharing ports forwarded to my iMac. Had requests to other ports as well. There was one IP address from CANADA too.
I want to open file sharing for local use only.Why is Airport Extreme forwarding requests for screen sharing from external ip addresses to my imac? I don't have a public address, nor use dynamic dns service, and I have removed the server app (at least I think I have, but Apple Store doesn't think so).
Maybe you are looking for
-
Can't Share Photos in iPhoto 2 10.3 as I did with 10.2.8
Can anyone help? I have searched the discussions an have not been able to resolve this issue. We had always been able to share one iPhoto library over our school network so that all teachers can add to it with the photos they have taken. We recently
-
Metadata values not showing in Site Studio layout using Idoc Script
Hi All, We have a SS layout (secondary) with replaceable regions for showing content that is listed in a primary page dynamic list. Part of the layout shows contribution elements of Contributor Data File content items, but part of layout also shows m
-
Whats help ... how can i istal nokia asha 201 cert...
could not connect to server! certificates was issued by an unrecognized entity Solved! Go to Solution.
-
hello, i´ve try to connect my z 10 to pc whith bb link and i can t, it stays a lot of time thinking, and nothing. how can i do a backup copy of my z 10 whitout bb link, and why in the divice bb protect don´t allow backups?
-
I know that the guide is provided by a service rather than directly from Verizon. I have a couple of issues that I'd like on the record. It would be nice if the names of the actors and actresses would be listed in the description.. It would be nice i