
Security Breach on SBS 2003

Discussion in 'Windows Server System' started by griffmaster, 2007/03/12.

  1. 2007/03/12
    griffmaster

    griffmaster Inactive Thread Starter

    Joined:
    2006/09/12
    Messages:
    88
    Likes Received:
    0
    I came in after the weekend to find the following email from my server.

    Source - Security
    Event ID - 529
    Last Occurrence - 11/03/2007 01:51
    Total Occurrences - 102 *

    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: Administrator
    Domain: [CompanyDomain]
    Logon Type: 10
    Logon Process: User32
    Authentication Package: Negotiate
    Workstation Name: [Server]
    Caller User Name: [Server]$
    Caller Domain: [CompanyDomain]
    Caller Logon ID: (0x0,0x3E7)
    Caller Process ID: 6968
    Transited Services: -
    Source Network Address: 71.63.51.34
    Source Port: 2136

    Additionally, I had another error which seems to be related.

    Source - SAM
    Event ID - 12294
    Last Occurrence - 11/03/2007 01:51
    Total Occurrences - 1

    The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

    Am I right in assuming that someone has tried to hack into my server? I can see that it is a Comcast IP address, should I bother reporting it to them? Any advice on what I should do to improve my network's defence against another potential attack?

    Griffmaster
     
  2. 2007/03/14
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Yes, I think this does mean someone has tried to hack in.

    To be honest, I'd be less worried about reporting it and more concerned with securing the connection they came in on. If someone has got close enough to start trying administrator passwords, then you have a hole you need to plug.

    What sort of firewall do you have set up?
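
Added example, not part of either post: a Python parser for Event ID 529 descriptions in the layout quoted in the first post, counting failures per source address, account and logon type. Logon Type 10 is RemoteInteractive (Terminal Services / Remote Desktop), which identifies the connection path the attempts arrived on. The sample events, the documentation-range addresses and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Logon type codes recorded in Windows security events (subset).
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}

# Constructed sample in the layout of the 529 description shown in the post.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
Logon Failure:
User Name: Administrator
Logon Type: 10
Source Network Address: 203.0.113.7
Source Port: 2136

Logon Failure:
User Name: Administrator
Logon Type: 10
Source Network Address: 203.0.113.7
Source Port: 2140

Logon Failure:
User Name: jsmith
Logon Type: 3
Source Network Address: -
Source Port: -
"""

def parse_events(text):
    """Split on 'Logon Failure:' headers and return one dict of fields per event."""
    events = []
    for chunk in re.split(r"^[ \t]*Logon Failure:[ \t]*$", text, flags=re.M)[1:]:
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def summarize(events, threshold=2):
    """Count failures per (source, account, logon type); keep groups at or over threshold."""
    counts = Counter()
    for e in events:
        ltype = e.get("Logon Type", "")
        name = LOGON_TYPES.get(int(ltype), "Other") if ltype.isdigit() else "Unknown"
        counts[(e.get("Source Network Address", "-"), e.get("User Name", "?"), name)] += 1
    return {k: n for k, n in counts.items() if n >= threshold}
```

Repeated RemoteInteractive failures from an outside address mean the Terminal Services listener is reachable from the internet, which is the exposure to check at the firewall.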
     
