Pantek Library

Re: What does this mean??? Event Log Scan

From: Birl <sbirl(at)temple.edu>
Date: Thu Jul 31 2003 - 14:00:12 EDT

As it was written on Jul 31, thus Chance Orr spake unto security-basics@sec...:

Chance:  Date: 31 Jul 2003 04:41:15 -0000
Chance:  From: Chance Orr 
Chance:  To: security-basics@securityfocus.com
Chance:  Subject: What does this mean??? Event Log Scan
Chance:
Chance:
Chance:
Chance:  07/30/2003  23:49:02  612 Audit Policy Change Success audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:02  540 Successful Network Logon Success audit Critical Security ANONYMOUS LOGON xxxxxxxxxx
Chance:  07/30/2003  23:49:24  680 Account Used for Logon Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:24  529 LF: Bad user name/password Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:33  680 Account Used for Logon Success audit Critical Security SYSTEM xxxxxxxxxx
Chance:
Chance:  This appears in my event log every time I start my pc. I am using a
Chance:  firewall & XP-Home
Chance:
Chance:  thanx

(disabled wrapping your message. You should try not to word-wrap logs.)

A code of 612 means that someone (in this case the SYSTEM account) was successful in changing a Policy.

A code of 680 means that someone (not the SYSTEM account) tried to log onto the computer but failed.
From my experience, there's insufficient data in this log entry to
determine what method the SYSTEM account was using to log into the computer (Interactive, Network, Batch job, etc.)

A code of 529 means that someone (not the SYSTEM account) tried to log onto the computer but the wrong password was used.

For additional information, search http://support.microsoft.com/ for "Security Event Description"

Thanks

 Scott Birl                              
http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

Received on Thu Jul 31 17:59:06 2003
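
An added example, not part of the original message: a short Python parser for the five log lines quoted above, which pairs each Failure audit with a later Success audit of the same event ID and account. The column layout (date, time, event ID, description, result, severity, log, account, computer) is an assumption read off the quoted lines, and the function names and the 60-second window are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the quoted message (computer name is already masked there).
SAMPLE = """\
07/30/2003  23:49:02  612 Audit Policy Change Success audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:02  540 Successful Network Logon Success audit Critical Security ANONYMOUS LOGON xxxxxxxxxx
07/30/2003  23:49:24  680 Account Used for Logon Failure audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:24  529 LF: Bad user name/password Failure audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:33  680 Account Used for Logon Success audit Critical Security SYSTEM xxxxxxxxxx
"""

# Assumed layout: date, time, event ID, description, result, severity, log, account, computer.
LINE = re.compile(
    r"^(?P<date>\d\d/\d\d/\d{4})\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<id>\d+)\s+"
    r"(?P<desc>.*?)\s+(?P<result>Success|Failure) audit\s+(?P<sev>\S+)\s+"
    r"(?P<log>\S+)\s+(?P<account>.+?)\s+(?P<host>\S+)$"
)

def parse(text):
    """Turn each matching line into a dict; lines that do not fit the layout are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["when"] = datetime.strptime(e["date"] + " " + e["time"], "%m/%d/%Y %H:%M:%S")
        e["id"] = int(e["id"])
        events.append(e)
    return events

def failures_then_success(events, window=timedelta(seconds=60)):
    """Pair each Failure audit with the next Success audit of the same ID and account.

    Assumes the events are in chronological order, as in the quoted log."""
    pairs = []
    for i, fail in enumerate(events):
        if fail["result"] != "Failure":
            continue
        for ok in events[i + 1:]:
            same = ok["id"] == fail["id"] and ok["account"] == fail["account"]
            if same and ok["result"] == "Success" and ok["when"] - fail["when"] <= window:
                pairs.append((fail, ok))
                break
    return pairs

if __name__ == "__main__":
    for fail, ok in failures_then_success(parse(SAMPLE)):
        print(f"{fail['id']} failed at {fail['time']}, succeeded at {ok['time']} ({ok['account']})")
```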

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:06:45 EDT

