Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Failure Audit for Event id 675

from [rs] Network Security [Permanent Link]
Subject: Failure Audit for Event id 675
Date: Mon, 17 Apr 2006 16:48:47 -0400
I am receiving a ton of Event 675 Failure Audits on my DC. Windows 2003 Mixed mode Domain and this is the pdc emulator. The bulk of these are arriving as follows:

Event Type:     Failure Audit
Event Source:   Security
Event Category: Account Logon
Event ID:       675
Date:           4/17/2006
Time:           4:38:56 PM
User:           NT AUTHORITY\SYSTEM
Computer:       DC01
Description:
Pre-authentication failed:
        User Name:      Admin
        User ID:                OURDOMAIN\Admin
        Service Name:   krbtgt/OURDOMAIN
        Pre-Authentication Type:        0x2
        Failure Code:   0x18
        Client Address: 127.0.0.1

I can't identify any process using this account on the DC. A reboot did not solve the issue. A lot of searching on the we has pointed to time issues dealing with kerberos but that does not seem to be it. The strange part is the client address being 127.0.0.1. Could this just be a virus out on our network reporting 127.0.0.1 as its source during authentication attempts? Has anyone seen anything like this?

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Traceroute and Ping result save to database, Kurt Buff
Next by Date:  RE: Suggestions for a secure home network, Erin Carroll
Previous by Thread:  How to get a job in IT-Security, extremwert
Next by Thread:  RE: Failure Audit for Event id 675, Tyler, Grayling
Indexes:  [Date] [Thread] [Top] [All Lists]