I have a bunch of strange stuff in my security log on my exchange server and think someone may have been trying to break into my server. The server is Windows 200 SP4 with all available updates. In my log I have this: A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: \inetinfo.exe Followed by a ton of failed login attempts for users that do not exist on my network like Administrator, root, test, admin, abc, master, webmaster, web, www, backup, server and a bunch of others. Several hundred failures in all maybe 50 or so per id. All the failed messages read like this: Logon Failure: Reason: Unknown user name or bad password User Name: backup Domain: Logon Type: 3 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: <my servername> This server is behind my firewall but my firewall does have NAT entries to is for mail and web because it is my exchange server and my IIS server. The only pages I serve up for IIS is for corporate use. Web Interface for Citrix and webmail for exchange. Have I missed something else to lock down that allowed this to happen or is this regular stuff when I have an IIS server open to the internet? Greg ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm