Archived from groups: microsoft.public.win2000.security
We have been receiving many failed login attempts by
unknown users, recorded in our security event logs on our
web server. We only allow traffic to flow through ports 80
and 443 inbound on our perimeter firewall. Outbound
traffic is restricted to DNS queries only. The servers
have been hardened and patches applied.
What we want to try to discover is what is
actually allowing somebody to enter login credentials, as
there isn't, as far as we are aware, anywhere on the site
that permits this. Is there any way of finding this hole?
Many thanks in advance