Audit Failure - Logon/Logoff....

By CGriffith318
Event Type: Audit Failure
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 6/18/2004
Time: 9:00:24 AM
User: SYSTEM
Computer: DomainController
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: UserName
Domain: PC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: PC
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xxx.xxx.xxx.xxx
Source Port: 0


Could someone please explain to me what this is and what kind of authentication NtLmSsp is?

We have received a bunch of these this morning. I fear that this may be an attempt to hack into our system. I have run scans on all ports and all are closed except the ones that are required. I thought maybe it was a login attempt to our Exchange webmail, but that shows a different process, and it is not a computer in the domain because that is a different process.

So if someone could explain what that means and what that process does, I would appreciate it. Also, what steps should I take to ensure a breach has not been made?

Thanks

by CG IT In reply to Audit Failure - Logon/Log ...

Here's a Microsoft article: http://support.microsoft.com/default.aspx?scid=kb;en-us;174073

Follow the hyperlinks at the bottom of the article for more info on the thread. For an in-depth explanation of NTLM authentication, follow this link: http://davenport.sourceforge.net/ntlm.html#whatIsNtlm

NTLM authentication is a challenge-response process in Microsoft O/Ss that clients use to prove their identity WITHOUT having to provide a password. Example: a knight approaches the gate to a castle. The sentry says "halt, who goes there", the knight says "It is I, the king" and hands over documentation that says I'm the king. The guard looks and says "hmm, looks like the king, acts like one, walks like one, talks like one, has papers that say he's the king, must be the king". The sentry has NO orders that say no one, not even the king, can enter without the secret password. So the guard says "hiyas king, howzit hanging" and opens the gates.

by CG IT In reply to

Moral of the story: always leave orders for the sentries, that is, NO one, not even the king, is allowed without the secret password.

Less apt to have the castle invaded.

by CG IT In reply to

Simplistic example, but that's the gist of it without some lengthy, boring, eye-drooping, snooze-inducing explanation of the NTLM challenge-response authentication process.

by CG IT In reply to

oh remove any spaces in the links shown. If the first link doesn't work visit support.microsoft.com and in the search bar type 174073 and click go to bring up the article.

by CGriffith318 In reply to

Thank you for the information

by CGriffith318 In reply to Audit Failure - Logon/Log ...

This question was closed by the author
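
An added example, not part of the original thread: a Python triage over exported Event ID 529 description text in the layout shown in the opening post, grouping Logon Type 3 (network) failures by source address and workstation to separate one source failing against many accounts from one account failing repeatedly. The sample records, the 192.0.2.x documentation addresses, the account and workstation names, and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# "Key: Value" lines as they appear in the event description.
FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*?)[ \t]*$", re.M)

def parse_events(text):
    """Split exported text on 'Logon Failure:' and return one field dict per record."""
    return [{k.strip(): v for k, v in FIELD.findall(chunk)}
            for chunk in text.split("Logon Failure:")[1:]]

def triage(events, many_users=3, repeat_fails=3):
    """Group network logon failures by (source address, workstation).
    Thresholds are illustrative assumptions, not vendor guidance."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("Logon Type") == "3":  # 3 = network logon (share, NTLM over the wire)
            key = (e.get("Source Network Address"), e.get("Workstation Name"))
            by_src[key].append(e.get("User Name", "").lower())
    report = {}
    for src, users in by_src.items():
        distinct = sorted(set(users))
        if len(distinct) >= many_users:
            label = "many-accounts"      # one source failing against several accounts
        elif len(users) >= repeat_fails:
            label = "repeated-account"   # often a stale saved password or mapped drive
        else:
            label = "low-volume"
        report[src] = (label, len(users), distinct)
    return report

def record(user, workstation, addr):
    # Constructed record mirroring the field layout of the post's event.
    return ("Logon Failure:\n Reason: Unknown user name or bad password\n"
            f" User Name: {user}\n Domain: {workstation}\n Logon Type: 3\n"
            " Logon Process: NtLmSsp\n Authentication Package: NTLM\n"
            f" Workstation Name: {workstation}\n"
            f" Source Network Address: {addr}\n Source Port: 0\n\n")

# Constructed sample input: 4 + 4 + 1 failure records.
SAMPLE = "".join(
    [record(u, "PC", "192.0.2.10") for u in ("administrator", "admin", "backup", "guest")]
    + [record("jsmith", "LAPTOP7", "192.0.2.55")] * 4
    + [record("mary", "DESK3", "192.0.2.80")])

if __name__ == "__main__":
    for src, (label, count, users) in triage(parse_events(SAMPLE)).items():
        print(src, label, count, users)
```
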
