I have a slightly concerning question. On my server when i look at event viewer, it is LOADED with failed login like the one below. The most concerning is this isn't a front facing server so i don't know where the IP addressed are getting in. All my equipment is behind a VPN and requires logging in, to even get to anything. SO I am confused on this.
An account failed to log on.
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID Account Name: Administrator Account Domain:
Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A
Process Information: Caller Process ID: 0x0 Caller Process Name: -
Network Information: Workstation Name: WIN-SUHR516M3CE Source Network Address: 88.214.25.55 Source Port: 0
Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0
I have looked at firewall logs and don't see any matching IP's I have tried blocking some of the IP addresses but there are SOOOOO many.