I am seeing this error on WIN2K KDC in my lab.

I traced the IPs back to a hacker group in Taiwan and they are trying a buffer 
overflow to change usernames and break in.

If anyone gets a better idea of the process and function call they are making, please 
forward to the list. 

My IDS is triggering on the error as well.

My solution for now is to block that IP range at the screening router on the edge.

Hope to grep the logs this weekend and try and correlate the events in IDS to the 
Win2k error log.


mel

-----Original Message-----
From: Holderfield, Jason [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 8:40 AM
To: '[EMAIL PROTECTED]'
Subject: Event ID 7 in Windows 2000 Server Event-Log


I have received the error below on one of my domain controllers. Wondering
if any resolution has been found. Microsoft has no information:

Event Type:     Error
Event Source:   KDC
Event Category: None
Event ID:       7
Date:           6/18/2003
Time:           4:53:25 PM
User:           N/A
Computer:       
Description:
The Security Account Manager failed a KDC request in an unexpected way. The
error is in the data field. The account name was 
⭄竇䓹粥琞敗ِߕ崨ߕ￿￿⤀ and
lookup type 0x100.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c0000034


Any suggestions/ideas?
Thank you,
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 



________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
