Hi -
Hopefully someone can help me with this.. We have a Windows 2003 server,
that runs on IIS App -- (DB on another server) we are getting quite a few
IIS crashes, (which is a different subject,) but in investigating that
problem - I've run across Security Logins - that I'm concerned about..
A sample msg is below... this IP belongs to a device (not a PC) on our
network - that would have reason to be looking to this server - it is hitting
it regualrly every 30 minutes or so. I am also seeing PCs that are not on
our Network - ones I can not identify the names and they have 10 dot IP's.
I'm not getting enough info from this message to identify what is happening.
Any insight would be greatly appreciated!!! along with any recommendations!
Here is one of the Event log messages....
Event Type: SuccessA
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 2007/06/21
Time: 10:50:35 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ServerXXXX
Successful Network Logon
User Name:
Domain:
Logon ID: (0x0,0x21418ED5)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: GNS-5B61EF19C1A
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 156.98.xxx.xxx
Source Port: 0
If you need more info - I'll watch for responses. thanks in advance!!!
Cindy B
|
Similar Threads
Linear Mode
