locked
Brute Force Attacks RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    This question has been asked multiple times in this forum, but there are no answers.

    ATA is giving us indications that there are brute force attacks on several accounts. We have received this notification several times over the last few weeks.

    In all cases, when we try to research where these attacks are coming from, we find that there is NO correlating information on our domain to track down these "attacks".

    When I parse our domain security event log, there are no login attempts, there is no other information to show where these attacks are coming from.

    Tuesday, February 28, 2017 2:47 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    Are these attacked accounts belong to the domain?

    What's the version of ATA Center running currently?


    Best regards,
    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, March 1, 2017 2:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi there,

    Not to hijack the thread but we are experiencing the same issues.

    We have over 37k password guess attempts against 4 dc's for two honeytoken sid's and one regular account. 

    The From location shows as unknown and going through event viewer we cannot find what ip/machine the attempts are coming from.

    What is the best way to track down guess attempts from "unknown" sources?

    Best,

    Charles

    Monday, March 6, 2017 5:35 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Is there anyone that can answer this? Also, where do we put in a support ticket for ATA if not answered on this thread?
    Monday, March 13, 2017 2:05 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Bump.
    Monday, March 13, 2017 2:07 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    You can submit a support ticket for ATA at the following URL.

    https://support.microsoft.com/en-us/assistedsupportproducts?wa=wsignin1.0#gsproductselector

    Best regards,

    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 24, 2017 2:53 AM