이벤트 로그에 이벤트 ID 4625 및 로그온 유형 3으로 인해 많은 감사 실패가 발생했습니다.
이 문제가 내 서버 (내부 서비스 또는 응용 프로그램)에서 발생합니까? 아니면 이것은 무차별 대입 공격입니까? 마지막으로이 로그인의 출처를 찾고 문제를 해결하려면 어떻게해야합니까?
다음은 일반 탭의 자세한 정보입니다.
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: aaman
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: test2
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
**And this is detailed information in Detail Tab:**
+ System
- Provider
[ Name] Microsoft-Windows-Security-Auditing
[ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
EventID 4625
Version 0
Level 0
Task 12544
Opcode 0
Keywords 0x8010000000000000
- TimeCreated
[ SystemTime] 2015-05-09T06:57:00.043746400Z
EventRecordID 2366430
Correlation
- Execution
[ ProcessID] 696
[ ThreadID] 716
Channel Security
Computer WIN-24E2M40BR7H
Security
- EventData
SubjectUserSid S-1-0-0
SubjectUserName -
SubjectDomainName -
SubjectLogonId 0x0
TargetUserSid S-1-0-0
TargetUserName aaman
TargetDomainName
Status 0xc000006d
FailureReason %%2313
SubStatus 0xc0000064
LogonType 3
LogonProcessName NtLmSsp
AuthenticationPackageName NTLM
WorkstationName test2
TransmittedServices -
LmPackageName -
KeyLength 0
ProcessId 0x0
ProcessName -
IpAddress -
IpPort -