windows-server-2012-r2 – How to find the source of event ID 4625 in Windows Server 2012

I have a lot of audit failures in my event log, event ID 4625 with logon type 3.

Is this problem caused by my server itself (an internal service or application)?
Or is it a brute-force attack?
Finally, how do I find the source of this logon and fix the problem?

These are the details from the "General" tab:

```
An account failed to log on.

Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       aaman
    Account Domain:     

Failure Information:
    Failure Reason:     Unknown user name or bad password.
    Status:         0xC000006D
    Sub Status:     0xC0000064

Process Information:
    Caller Process ID:  0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:   test2
    Source Network Address: -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:      NtLmSsp 
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only):   -
    Key Length:     0
```

**And this is the information from the "Details" tab (XML view):**

```
- System
  - Provider
      [ Name]  Microsoft-Windows-Security-Auditing
      [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID        4625
    Version        0
    Level          0
    Task           12544
    Opcode         0
    Keywords       0x8010000000000000
  - TimeCreated
      [ SystemTime]  2015-05-09T06:57:00.043746400Z
    EventRecordID  2366430
    Correlation
  - Execution
      [ ProcessID]  696
      [ ThreadID]   716
    Channel        Security
    Computer       WIN-24E2M40BR7H
    Security

- EventData
    SubjectUserSid             S-1-0-0
    SubjectUserName            -
    SubjectDomainName          -
    SubjectLogonId             0x0
    TargetUserSid              S-1-0-0
    TargetUserName             aaman
    TargetDomainName
    Status                     0xc000006d
    FailureReason              %%2313
    SubStatus                  0xc0000064
    LogonType                  3
    LogonProcessName           NtLmSsp 
    AuthenticationPackageName  NTLM
    WorkstationName            test2
    TransmittedServices        -
    LmPackageName              -
    KeyLength                  0
    ProcessId                  0x0
    ProcessName                -
    IpAddress                  -
    IpPort                     -
```
I have the same kind of events on my server. There are hundreds of logon attempts with different user names, but no visible process ID or IP address.

I'm fairly sure it comes from RDP connections from the Internet without Network Level Authentication.
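As an added example (not code from the question or the answer above), the following PowerShell script works the "where does this come from" question from the Security log itself: it pulls the 4625 events of the last 24 hours, reads the EventData fields shown in the Details tab by name, and groups them by source network address, workstation name, logon type and logon process, then by target account and sub-status. It then checks whether the RDP-Tcp listener requires Network Level Authentication (the `UserAuthentication` registry value) and looks in the RdpCoreTS operational log for event 140, which records the client IP of a failed RDP logon even when 4625 shows `IpAddress -`. The sub-status meanings and the event 140 reference are well-known Windows values and are not taken from the page; the 24-hour window is an arbitrary choice. Run it elevated on the server whose log you are reading.

```powershell
# Added example, not code from the original post. Run elevated on the server
# whose Security log you want to examine. The 24-hour window is arbitrary;
# widen it to cover the period in question.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# Well-known NTSTATUS sub-status codes reported by 4625 (lower-case keys,
# matching the hex form used in EventData).
$subStatusText = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'correct user name, wrong password'
    '0xc0000234' = 'account locked out'
    '0xc0000072' = 'account disabled'
    '0xc000006f' = 'logon outside permitted hours'
    '0xc0000070' = 'logon from unauthorised workstation'
    '0xc0000071' = 'password expired'
    '0xc0000193' = 'account expired'
}

$rows = foreach ($e in $events) {
    # Read the EventData fields by name from the event XML (the same fields
    # the Details tab shows) instead of parsing the rendered message text.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = [string]$d.'#text' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        TargetUser  = $data['TargetUserName']
        LogonType   = $data['LogonType']
        LogonProc   = $data['LogonProcessName'].Trim()   # 'NtLmSsp ' carries a trailing space
        AuthPackage = $data['AuthenticationPackageName']
        Workstation = $data['WorkstationName']
        IpAddress   = $data['IpAddress']
        SubStatus   = $data['SubStatus']
        Reason      = $subStatusText[$data['SubStatus'].ToLower()]
    }
}

"`n== Failures by source (IpAddress / Workstation / LogonType / LogonProcess) =="
# IpAddress '-' with LogonType 3 and NtLmSsp, as in the question, means the
# authenticating service did not record a client address; the workstation
# name is then whatever the client sent, not a verified identity.
$rows | Group-Object IpAddress, Workstation, LogonType, LogonProc |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

"`n== Most-tried accounts =="
# Many distinct names each failing with 0xC0000064 (user does not exist) is
# the signature of password guessing; an internal service with a stale
# credential instead retries one real account with 0xC000006A.
$rows | Group-Object TargetUser | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

"`n== Sub-status breakdown =="
$rows | Group-Object SubStatus, Reason | Select-Object Count, Name | Format-Table -AutoSize

"`n== Does the RDP-Tcp listener require Network Level Authentication? =="
# UserAuthentication = 1 means NLA is required (credentials are checked before
# a session is created); 0 means the classic logon screen is offered to
# anyone who can reach the port, and failures surface as NTLM 4625 events.
$rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -Name UserAuthentication -ErrorAction SilentlyContinue
"RDP-Tcp UserAuthentication = $($rdp.UserAuthentication)"

"`n== Client addresses from the RDP core log (event 140 = failed logon, includes client IP) =="
# Only IPv4 addresses are extracted from the message text here.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'; Id = 140; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object { [regex]::Matches($_.Message, '\d{1,3}(\.\d{1,3}){3}').Value } |
    Group-Object | Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize
```

If the first table shows hundreds of rows with `IpAddress -`, `LogonType 3` and `NtLmSsp`, spread over many non-existent user names, and `UserAuthentication` is 0, the log supports the answer above: the RDP port is reachable from the Internet and the logon screen is accepting guesses. Requiring NLA on the listener and restricting who can reach the port (firewall rule or VPN) removes the source; the 140 events give the client addresses to block in the meantime.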

Original link: https://www.f2er.com/windows/368399.html
