full image - Repost: ANONYMOUS LOGON - external IP (from Reddit.com, ANONYMOUS LOGON - external IP)
Hi all, I have done a lot of research and cannot find anything that answers this particular inquiry.I have an Windows server in Azure. It is relatively bare bones. There is a public IP associated with it but all inbound connections are blocked via NSG associated with its NIC. I keep receiving security alerts due to logon events (ID 4624) with security ID: ANONYMOUS LOGONI know these events are relatively common. However, in this case they are coming from multiple external IP addresses with some malicious associations. They are using NTLMv1 so they are unsuccessful login attempts. I can recreate the specific events by running:net use \\ipc$ “” /user: “” from another server on the network (the internal IP of the server shows up in the event log rather than an external IP in this test case)I am at a loss regarding how these external IPs are even touching the server when all inbound connections are blocked. I can provide more details if requested. Any ideas would be greatly appreciated. </blockquote> <hr><h3> <hr><strong>Mining:</strong> <br> <a title="Cryptotab browser" target="_blank" href="https://cryptotabbrowser.com/12/4000343"><u>Bitcoin</u>, Cryptotab browser</a> - <a title="Pi Network, CLOUD PHONEMINING" target="_blank" href="https://minepi.com/cusidore"><u>Pi Network</u> cloud PHONE MINING</a> <br><a title="Fone, CLOUD PHONE MINING" target="_blank" href="https://play.google.com/store/apps/details?id=com.cloud.earning"><u>Fone</u>, cloud PHONE MINING</a> cod. dhvd1dkx - <a title="Mintme, PC PHONE MINING" target="_blank" href="https://www.coinimp.com/invite/86d61388-18f9-4f8b-8561-8962c67e7166">Mintme, PC PHONE MINING</a> <hr><strong>Exchanges:</strong> <br> <a title="Coinbase.com" target="_blank" href="http://coinbase.com/join/occhip_8?src=android-link">Coinbase.com</a> - <a title="Stex.com" target="_blank" href="https://stex.com/?ref=27877494">Stex.com</a> - <a title="Probit.com" target="_blank" href="https://www.probit.com/r/46858290">Probit.com</a> <hr><strong>Donations:</strong> <br> <a title="Done crypto" target="_blank" href="https://commerce.coinbase.com/checkout/140e9bb6-c4ef-4156-92cf-9c87a88fd259">Done crypto</a> </h3><br><br></div>
Social Media Icons