On my 2003 machine I have a bunch of Events ID 680 with unknown
accounts.
Is there a way to block these attempted hacks? Don't want them to have
the ability to try and guess an account and password.How do you secure
your server against these?


I also have Events 540 with unknown workstations ans IPs. This event
says that it is a Successful Network Logon. Is that true? What kind of
damage could they do? Right after event 540 is event 560- a Failure
Audit. Image file name c:\windows\system32\lsass.exe. Accesses
EnumerateDomains LookupDomains.
Looks like they got in but can't do anything. Anyone know what
exactly is happening? Thanks in advance for any response!