刚才电脑收到了网络攻击。
从系统日志来看,一个来自于米国,一个来自于秘鲁。都是试图通过缺省的系统管理员帐号进行RDP链接。
攻击每三到四秒进行一次,一共15次。
这些都很正常。
唯一奇怪的是,在攻击失败后,俺的电脑居然蓝屏了!十年前俺知道WINDOWS有一漏洞可以导致蓝屏,但现在,十年过去了,漏洞依旧!俺可是WINDOWS 2008 R2 + 所有补丁!
微软也太差劲了。郁闷。
====================================
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: yyyyyyyyyyy$
Account Domain: xxxxxxxxxxxxx
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: administrator
Account Domain: xxxxxxxxxxxxx
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x3c8c
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Source Network Address: 50.62.15.146
Source Port: 63373
Source Network Address: 200.37.210.200
Source Port: 52628
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
No comments:
Post a Comment