Help understanding Event ID 529 - Logon Type 8 - Logon Process IIS - Hack attempts
Hello,
On a dedicated Windows 2003 server, while reviewing the Security Event Logs, I noticed a log of failed logon hacker attempts which were listed as:
Event ID 529
Logon Type: 8
Logon Process: IIS
Reason: Unknown user name or bad password
Source IP: blank
Since these were NOT related to NTLM Authentication Package (Logon Process: NtLmSsp) but, rather, IIS, I immediately knew to check if Integrated Windows Authentication was enabled on the websites hosted in IIS6. Indeed it was enabled and I immediately disabled and restarted IIS to be certain the changes were applied.
What I would appreciate is a better understanding of how these attacks are carried out, as nothing in the hosted .ASP website utilizes Windows Authentication whatsoever.
In addition to disabling Integrated Windows Auth in IIS, is there something that could also be added to the Windows Firewall which is engaged on this server?
Thanks in advance for any insight.
June 18th, 2012 1:00am