locked
Brute Force Attacks RRS feed

  • Question

  • This question has been asked multiple times in this forum, but there are no answers.

    ATA is giving us indications that there are brute force attacks on several accounts. We have received this notification several times over the last few weeks.

    In all cases, when we try to research where these attacks are coming from, we find that there is NO correlating information on our domain to track down these "attacks".

    When I parse our domain security event log, there are no login attempts, there is no other information to show where these attacks are coming from.

    Tuesday, February 28, 2017 2:47 PM

All replies

  • Hello,

    Are these attacked accounts belong to the domain?

    What's the version of ATA Center running currently?


    Best regards,
    Andy Liu



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, March 1, 2017 2:58 AM
  • Hi there,

    Not to hijack the thread but we are experiencing the same issues.

    We have over 37k password guess attempts against 4 dc's for two honeytoken sid's and one regular account. 

    The From location shows as unknown and going through event viewer we cannot find what ip/machine the attempts are coming from.

    What is the best way to track down guess attempts from "unknown" sources?

    Best,

    Charles

    Monday, March 6, 2017 5:35 PM
  • Is there anyone that can answer this? Also, where do we put in a support ticket for ATA if not answered on this thread?
    Monday, March 13, 2017 2:05 PM
  • Bump.
    Monday, March 13, 2017 2:07 PM
  • Hello,

    You can submit a support ticket for ATA at the following URL.

    https://support.microsoft.com/en-us/assistedsupportproducts?wa=wsignin1.0#gsproductselector

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 24, 2017 2:53 AM