Sunday, March 22, 2009

Finding the source of denial of service attacks in AD / Conficker Virus

Open Event Viewer on the DC.

Filter on Logon/Logoff events to start with.
Event ID is 529 for locked and 675 for logon attempts.

The client address will be listed in the failure event.
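
The same filtering can be done from Windows PowerShell, totalling events 529 and 675 per client address so the busiest source stands out. This is an added example, not part of the original post; the function names, the sample events and the "Client Address:" / "Source Network Address:" message labels are assumptions.

```powershell
# Added example: count events 529 and 675 per originating address.
# Assumption: the address follows "Client Address:" or "Source Network Address:"
# in the event message text.
function Get-FailureSource {
    param([Parameter(ValueFromPipeline = $true)] $Entry)
    begin { $counts = @{} }
    process {
        $id = [int]$Entry.EventID
        if (529, 675 -notcontains $id) { return }   # skip unrelated events
        if ($Entry.Message -match '(?:Client Address|Source Network Address):\s*(\S+)') {
            $addr = $Matches[1]
        } else {
            $addr = '(none listed)'
        }
        if (-not $counts.ContainsKey($addr)) { $counts[$addr] = @{ 529 = 0; 675 = 0 } }
        $counts[$addr][$id] = $counts[$addr][$id] + 1
    }
    end {
        # Emit one row per address with per-event and total counts.
        foreach ($addr in $counts.Keys) {
            New-Object PSObject -Property @{
                Address  = $addr
                Event529 = $counts[$addr][529]
                Event675 = $counts[$addr][675]
                Total    = $counts[$addr][529] + $counts[$addr][675]
            }
        }
    }
}

# Hypothetical helper that builds constructed sample entries (not real log data).
function New-SampleEntry($Id, $Message) {
    New-Object PSObject -Property @{ EventID = $Id; Message = $Message }
}

$sample = @(
    (New-SampleEntry 675 "Pre-authentication failed:`n`tUser Name:`tjsmith`n`tClient Address:`t192.0.2.15"),
    (New-SampleEntry 675 "Pre-authentication failed:`n`tUser Name:`tadmin`n`tClient Address:`t192.0.2.15"),
    (New-SampleEntry 529 "Logon Failure:`n`tUser Name:`tadmin`n`tSource Network Address:`t192.0.2.15"),
    (New-SampleEntry 675 "Pre-authentication failed:`n`tUser Name:`tmjones`n`tClient Address:`t192.0.2.40"),
    (New-SampleEntry 538 "User Logoff:`n`tUser Name:`tmjones")
)

$sample | Get-FailureSource | Sort-Object Total -Descending |
    Format-Table Address, Event529, Event675, Total -AutoSize

# Against a live DC Security log, feed it real entries instead of $sample:
# Get-EventLog -LogName Security -InstanceId 529,675 -Newest 5000 | Get-FailureSource
```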

