Secutiry incidents due to logon type 3 Expand / Collapse
Author
Message
Posted 12/14/2011 4:40:08 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 3/24/2012 3:34:39 PM
Posts: 5, Visits: 1
Hello folks, we have a security log management solution but we are receiving tons of alerts regarding event id 529 with logon type 3. After investigation we find out that in all the cases is because a computer is having problems to connect with AD or because support use the local Administrator to patch systems or perform other kind of maintenance, and since we have Active Directory every time a no valid user tries to access Internet it causes access denied because this user is not a valid domain user.

So my question is there a possible scenario where logon type 3 might represent a real force attack against one of my servers?

Regards
Post #874
Posted 12/15/2011 10:52:40 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
certainly.  529 is logon due to a bad password.  logon type 3 is a network logon such as to a shared folder or accessing resources on the Windows server some other way from over the network
Post #876
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 4:18am