Isa 2006 anonymous logon events !!!


  • Isa 2006 anonymous logon events !!!

    Hello, I am a beginner in ISA Server. I have ISA 2006 on Server 2003 Enterprise.

    I use SecureNAT to distribute internet to my internal network.


    I found in my security event log many events like this:

    Event id 540

    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x549FF7)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: YOUR-45A5F5A65C
    Logon GUID: -
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: 114.198.183.121
    Source Port: 0


    Workstation Name and Source Network Address are different in every event.

    My question is: what do these events mean? Is this bad?
    If it is, how do I protect against it?


    Also, for every event 540 I have another event with ID 538:

    User Logoff:
    User Name: ANONYMOUS LOGON
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x549FF7)
    Logon Type: 3


    On that server I also have a DNS server that redirects to our company internet web site.
    Could these events be the visits to this site?

    Thank you.
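One way to triage events like the ones quoted in the post above, as an added example that is not code from either poster: it pairs each event 540 with the event 538 that shares its Logon ID and lists type 3 logons that have no named user and come from outside the internal ranges. The `INTERNAL` ranges, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the internal address ranges; adjust to the real network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of the events quoted in the thread.
SAMPLE = """\
Event id 540
User Name:
Logon ID: (0x0,0x549FF7)
Logon Type: 3
Workstation Name: HOST-A
Source Network Address: 203.0.113.10

Event id 538
User Name: ANONYMOUS LOGON
Logon ID: (0x0,0x549FF7)

Event id 540
User Name: alice
Logon ID: (0x0,0x54A001)
Logon Type: 3
Source Network Address: 192.168.1.20
"""

def parse_events(text):
    """Split on 'Event id N' headers; 'Key: value' lines become dict entries."""
    events = []
    for block in re.split(r"(?m)^(?=Event id \d+)", text):
        head = re.match(r"Event id (\d+)", block)
        if head:
            pairs = (l.partition(":") for l in block.splitlines()[1:])
            events.append({"id": int(head.group(1)), **{k.strip(): v.strip() for k, s, v in pairs if s}})
    return events

def anonymous_external_logons(events):
    """Type 3 logons (540) with no named user from a non-internal address."""
    logoff = {e.get("Logon ID"): e.get("User Name") for e in events if e["id"] == 538}
    hits = []
    for e in (e for e in events if e["id"] == 540 and e.get("Logon Type") == "3"):
        # An empty name in 540 is resolved through the paired 538, as in the post.
        user = e.get("User Name") or logoff.get(e.get("Logon ID"), "")
        try:
            src = ipaddress.ip_address(e.get("Source Network Address", ""))
        except ValueError:
            continue  # "-" or missing address: cannot classify
        if user in ("", "ANONYMOUS LOGON") and not any(src in n for n in INTERNAL):
            hits.append((e.get("Logon ID"), e.get("Workstation Name"), str(src)))
    return hits
```

Calling `anonymous_external_logons(parse_events(SAMPLE))` returns one tuple of Logon ID, workstation name and source address for the constructed anonymous logon and skips the named internal one.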

  • #2
    Re: Isa 2006 anonymous logon events !!!

    Have you any publishing rules set up?
    Also, for user authentication you should use the firewall client or you should configure the clients as web proxy clients.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"
