Security Basics mailing list archives

RE: TR : event viewer log How to get more information


From: "Rick Darsey" <rdarsey () aims1 com>
Date: Thu, 10 Apr 2003 11:20:05 -0500

See this article to see how to shut down hidden shares.


http://support.microsoft.com/default.aspx?scid=kb;en-us;314984


Rick

-----Original Message-----
From: DS [mailto:dsardina () si rr com]
Sent: Wednesday, April 09, 2003 1:11 PM
To: 'dave'; security-basics () securityfocus com
Cc: SRobinson () HIPUSA com; 'Trevor Cushen'; Christian.Heroux () etsmtl ca
Subject: RE: TR : event viewer log How to get more information


I also have these in my event viewer.

Check to see if your IPC$ Share is on/open.
For some reason I'm thinking this is the culprit.
Looking more into it.

For XP Pro, I cannot seem to KILL the IPC$ SHARE.
It seems like the browser needs this open and certain services...hrmm not
good.

Pz.

DS-



-----Original Message-----
From: dave [mailto:dave () netmedic net]
Sent: Monday, April 07, 2003 8:10 PM
To: security-basics () securityfocus com
Cc: SRobinson () HIPUSA com; 'Trevor Cushen'; Christian.Heroux () etsmtl ca
Subject: RE: TR : event viewer log How to get more information


Hey,

Logon Type: 3 = Successful Network Logon. This event indicates that a remote
user has successfully connected from the network to a local resource.

I believe type 7 is for local logon.

http://www.eventlogscan.com/ will scan your event log and give you a report.

And

http://eventid.net will give you detailed info on every event and
variations of it.


_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net


-----Original Message-----
From: "Héroux, Christian" [mailto:Christian.Heroux () etsmtl ca]
Sent: 04 April 2003 18:15
To: security-basics () securityfocus com
Subject: TR : event viewer log How to get more information


Hello all!
        I hope you can help me! There are many event log entries like these on
a user's Windows XP workstation. Someone logged into his station, right? How
can I get more info to troubleshoot? Nobody is allowed on this user's station.
We don't have much info to find out what's wrong. Is it a process, which
PC... Do you have any tool that could log more detail?

Christian H.


Event Type:       Success Audit
Event Source:    Security
Event Category: Logon/Logoff
Event ID:           540
Date:                2003-04-03
Time:                09:40:15
User:                XXX\rmaraXXXX
Computer:         BISMARCK
Description:
Successful Network Logon:
            User Name:       rmaranXXX
            Domain:                        XXX
            Logon ID:                      (0x0,0x586DD0)
            Logon Type:      3
            Logon Process: NtLmSsp
            Authentication Package: NTLM
            Workstation Name:        GPA_026195
            Logon GUID:      {00000000-0000-0000-0000-000000000000}

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Event Type:       Failure Audit
Event Source:    Security
Event Category: Logon/Logoff
Event ID:           529
Date:                2003-04-04
Time:                02:33:06
User:                NT AUTHORITY\SYSTEM
Computer:         BISMARCK
Description:
Logon Failure:
            Reason:                        Unknown user name or bad password
            User Name:       Administrator
            Domain:                        PERF-1
            Logon Type:      3
            Logon Process: NtLmSsp
            Authentication Package: NWV1_0
            Workstation Name:        PERF-1

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
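
Added example, not part of the original thread: one way to triage a batch of records like the two quoted above is to parse the pasted Event Viewer text and count Logon Type 3 events (IDs 540 and 529) by source workstation, account and outcome. The sample input and the function names parse_events and network_logons are constructed for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the Event Viewer text layout quoted in the thread;
# host, domain and account names are made up.
SAMPLE = """\
Event Type:       Success Audit
Event ID:           540
Description:
Successful Network Logon:
            User Name:       alice
            Domain:                        CORP
            Logon Type:      3
            Workstation Name:        WKS-0001

Event Type:       Failure Audit
Event ID:           529
Description:
Logon Failure:
            Reason:                        Unknown user name or bad password
            User Name:       Administrator
            Domain:                        LAB-7
            Logon Type:      3
            Workstation Name:        LAB-7
"""

# "Key:   value" lines only; headings such as "Description:" have no value.
FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]+(\S.*?)\s*$")

def parse_events(text):
    """Split pasted Event Viewer text into one dict of fields per event."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":  # first field of every record
            events.append({})
        if m and events:
            events[-1][m.group(1)] = m.group(2)
    return events

def network_logons(events):
    """Count Logon Type 3 events (IDs 540/529) per source, account, outcome."""
    counts = Counter()
    for e in events:
        if e.get("Event ID") in ("540", "529") and e.get("Logon Type") == "3":
            account = e.get("Domain", "?") + "\\" + e.get("User Name", "?")
            outcome = "success" if e["Event ID"] == "540" else "failure"
            counts[(e.get("Workstation Name", "?"), account, outcome)] += 1
    return counts

if __name__ == "__main__":
    print(network_logons(parse_events(SAMPLE)))
```

The Workstation Name field is the name the connecting machine reported, so the resulting table says which hosts to look at next rather than proving where a connection came from.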



