Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Live Communications Server|
At least one invalid authentication signature was detected. There were <value> messages with invalid signatures in the last <value> minutes. The last one had the FROM header: sip:firstname.lastname@example.org. This could be due to a client or server which is not handling authentication correctly or it could be due to an attacker.
|English: Request a translation of the event description in plain English.|
We have seen this in Live Communication Server 2003 because a user is logging in on a computer that is not part of our domain. The user usually logs in via VPN but his massager tried to log in before the VPN was connected. Eventually the user was able to log in after the VPN was established.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated