none
Kerberos Authentication

    Question

  • When Browsing through the event viewer of my domain controller (Windows Logs-Security), I have found several audit failures from a pc. Please find below.

    A Kerberos authentication ticket (TGT) was requested.

    Account Information:
    Account Name: ASPNET
    Supplied Realm Name: MPLHQ.ORG
    User ID: NULL SID

    Service Information:
    Service Name: krbtgt/MPLHQ.ORG
    Service ID: NULL SID

    Network Information:
    Client Address: 192.168.0.139
    Client Port: 3670

    Additional Information:
    Ticket Options: 0x40810010
    Result Code: 0x6
    Ticket Encryption Type: 0xffffffff
    Pre-Authentication Type: -

    Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:

    Certificate information is only provided if a certificate was used for pre-authentication.

    Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

    there are numerous like that but with different port numbers. 

    Can anyone advise on that?

    Friday, January 03, 2014 7:22 AM

Answers

  • Hiya, 

    The port seems a bit odd for a Kerberos request. Perform a scan of the PC in question for malicious software.

    Kerberos is usually 88. 

    • Marked as answer by Ashromeo Monday, January 06, 2014 4:16 AM
    Friday, January 03, 2014 8:06 AM