I had this apparent hack attempt from somewhere in the South Pacific logged in Event Viewer for the Exchange Server IMC. The category is "SMTP Interface" with Events ID 4183. The text is as follows:
"Authentication attempt (AUTH LOGIN) from 211.158.76.185 as \abc failed: LogonUser() call failed with error: Logon failure: unknown user name or bad password."
Can somebody tell me what exactly is trying to be exploited, i.e. would that be an attempt to log into a mailbox with ESMTP? If I block outbound ports 135-139 will that eliminate the ability to try and log on?
TIA
EB
"Authentication attempt (AUTH LOGIN) from 211.158.76.185 as \abc failed: LogonUser() call failed with error: Logon failure: unknown user name or bad password."
Can somebody tell me what exactly is trying to be exploited, i.e. would that be an attempt to log into a mailbox with ESMTP? If I block outbound ports 135-139 will that eliminate the ability to try and log on?
TIA
EB