«
»

529/Failure Audit(MICROSOFT_AUTHENTICATION_PACKAGE_V1_0)

Ref: http://www.winvistatips.com/security-log-eventid-529-smtp-t673781.html
Ref: http://www.pcreview.co.uk/forums/thread-1596278.php

Bad guys are trying to authenticate server via port 25.
How to reproduce this log:

# Type telnet 25,and then press ENTER.
# Type EHLO domain>, and then press ENTER.
# Type AUTH LOGIN. The server responds with an encrypted prompt for your user name.
# Enter your user name encrypted in base 64. You can use one of several tools that are available to encode your user name.
# The server responds with an encrypted base 64 prompt for your password. Enter your password encrypted in base 64.
# Type MAIL FROM:, and then press ENTER. If the sender is not permitted to send mail, the SMTP server returns an error.
# Type RCPT TO:,and then press ENTER.If the recipient is not a valid recipient or the server does not accept mail for this domain, the SMTP server returns an error.
# Type DATA.

Or by using hacking tools : Xscan

Solution: You can minimizing the attack by enabling tar pitting
Ref : http://support.microsoft.com/kb/842851/en-us

This entry was posted on Monday, March 29th, 2010 at 3:23 pm and is filed under Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “529/Failure Audit(MICROSOFT_AUTHENTICATION_PACKAGE_V1_0)”

  1. Scott says:
    January 24, 2011 at 1:08 pm

    I have been trying to figure out where this error has been coming from for weeks. Than you for this simple answer that no one else knew (or I could find).

Leave a Reply