20120807 - My computer just came under a network attack._According to the system log, one came from the US and one from Peru. Both - GooglePlus

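My computer just came under a network attack.

According to the system log, one came from the US and one from Peru. Both were attempts to connect over RDP using the default system administrator account.

The attempts came every three to four seconds, 15 in total.

All of this is quite normal.

The only strange thing is that, after the attack failed, my computer actually blue-screened! Ten years ago I knew of a WINDOWS vulnerability that could cause a blue screen, but now, ten years later, the vulnerability is still there! And I am running WINDOWS 2008 R2 + all patches!

Microsoft is just too poor. Frustrating.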

====================================
An account failed to log on.

Subject:
Security ID: SYSTEM
Account Name: yyyyyyyyyyy$
Account Domain: xxxxxxxxxxxxx
Logon ID: 0x3e7

Logon Type: 10

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: administrator
Account Domain: xxxxxxxxxxxxx

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a

Process Information:
Caller Process ID: 0x3c8c
Caller Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Source Network Address: 50.62.15.146
Source Port: 63373
Source Network Address: 200.37.210.200
Source Port: 52628

Detailed Authentication Information:
Logon Process: User32 
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.
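The pattern in the log above (repeated failed logons with Logon Type 10, i.e. RemoteInteractive/RDP, against the administrator account from one source address) can be flagged automatically. The following is an added example, not part of the original post: the function names, thresholds, timestamps and sample events are assumptions, and each event is taken to be a (timestamp, rendered message) pair because the message text itself carries no time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def parse_4625(message):
    """Pull the fields used below out of one rendered 4625 message."""
    def last(name):
        hits = re.findall(rf"^[ \t]*{name}:[ \t]*(\S+)", message, re.M)
        return hits[-1] if hits else None
    # "Account Name" occurs twice; the last one is the account that failed.
    return {"logon_type": last("Logon Type"), "account": last("Account Name"),
            "source": last("Source Network Address")}

def rdp_bursts(events, threshold=10, window=timedelta(seconds=60)):
    """Map source address -> peak count of failed type 10 (RDP) logons in
    any sliding window, for sources that reach the threshold."""
    by_source = defaultdict(list)
    for when, message in events:
        f = parse_4625(message)
        if f["logon_type"] == "10" and f["source"]:
            by_source[f["source"]].append(when)
    flagged = {}
    for source, times in by_source.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[source] = peak
    return flagged

# Constructed sample events (not from the post); addresses are documentation ranges.
TEMPLATE = """An account failed to log on.
Subject:
    Account Name: HOST$
Logon Type: {lt}
Account For Which Logon Failed:
    Account Name: administrator
Network Information:
    Source Network Address: {ip}
"""
T0 = datetime(2012, 8, 7, 12, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=3.5 * i), TEMPLATE.format(lt=10, ip="198.51.100.7"))
          for i in range(15)]                  # 15 tries, one every 3.5 s
SAMPLE.append((T0, TEMPLATE.format(lt=2, ip="192.0.2.9")))  # one console failure
print(rdp_bursts(SAMPLE))
```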
