|
-
January 13th, 2009, 03:06 AM
#4
Neg,
at first I could not figure out why you were asking this, but I now I think I understand what you are asking.
Guess this has already been said, and I am no IIS guy, but:
Yea, brut force attack.
Were you able to find anything in any other logs around the same time to find the IP of the attacking machine?
Any chance of IDS logs available?
( also, was it attacking a FTP server ? )
I think the question was why both events?
The 680 event was because of the non-existent Administrator account, the 529 event was saying the attempt had a bad user name or password.
Again, I am no IIS guy, but I would think that once the attempt hit the first event it should have been stopped before hitting the second?
Or is that just me?
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
Similar Threads
-
By cheyenne1212 in forum Miscellaneous Security Discussions
Replies: 7
Last Post: February 1st, 2012, 02:51 PM
-
By sumitprateek in forum General Computer Discussions
Replies: 17
Last Post: June 23rd, 2008, 07:42 PM
-
By rpgraff in forum Spyware / Adware
Replies: 16
Last Post: August 24th, 2004, 08:01 AM
-
By netknow in forum Microsoft Security Discussions
Replies: 2
Last Post: September 5th, 2003, 04:45 PM
-
By Info Tech Geek in forum Network Security Discussions
Replies: 9
Last Post: July 30th, 2003, 07:44 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote