From 227049635a43ea2fe753716e6bae89d1b9a84032 Mon Sep 17 00:00:00 2001 From: Yusuf Ozturk Date: Mon, 29 May 2017 11:40:46 +0200 Subject: [PATCH 1/3] Typo fix for ICMP DoS Attack It is ICMP (Internet Control Message Protocol) DoS Attack. --- .../auditing/audit-other-object-access-events.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/device-security/auditing/audit-other-object-access-events.md b/windows/device-security/auditing/audit-other-object-access-events.md index 4501674589..ed9fe36ec9 100644 --- a/windows/device-security/auditing/audit-other-object-access-events.md +++ b/windows/device-security/auditing/audit-other-object-access-events.md @@ -22,9 +22,9 @@ Audit Other Object Access Events allows you to monitor operations with scheduled | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICPM DoS attack. | -| Member Server | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICPM DoS attack. | -| Workstation | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICPM DoS attack. | +| Domain Controller | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICMP DoS attack. | +| Member Server | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICMP DoS attack. | +| Workstation | Yes | Yes | Yes | Yes | We recommend Success auditing first of all because of scheduled tasks events.
We recommend Failure auditing to get events about possible ICMP DoS attack. | **Events List:** From 73bba26fd1acbe70fe43b71d07a8e66b5f516aa2 Mon Sep 17 00:00:00 2001 From: Yusuf Ozturk Date: Mon, 29 May 2017 11:46:03 +0200 Subject: [PATCH 2/3] Typo fix for ICMP DoS Attack Additional ICMP typo fix --- windows/device-security/auditing/event-5149.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/auditing/event-5149.md b/windows/device-security/auditing/event-5149.md index 24b3f6ab89..82a1d84b8e 100644 --- a/windows/device-security/auditing/event-5149.md +++ b/windows/device-security/auditing/event-5149.md @@ -15,7 +15,7 @@ author: Mir0sh - Windows Server 2016 -In most circumstances, this event occurs very rarely. It is designed to be generated when an ICPM DoS attack ended. +In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended. There is no example of this event in this document. From c8182dad774388bb60bfdd9466d37b7d4b748d42 Mon Sep 17 00:00:00 2001 From: Yusuf Ozturk Date: Mon, 29 May 2017 11:47:07 +0200 Subject: [PATCH 3/3] Typo fix for ICMP DoS Attack Additional ICMP typo fix --- windows/device-security/auditing/event-5148.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/auditing/event-5148.md b/windows/device-security/auditing/event-5148.md index 7751cd9686..305afcbee8 100644 --- a/windows/device-security/auditing/event-5148.md +++ b/windows/device-security/auditing/event-5148.md @@ -15,7 +15,7 @@ author: Mir0sh - Windows Server 2016 -In most circumstances, this event occurs very rarely. It is designed to be generated when an ICPM DoS attack starts or was detected. +In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected. There is no example of this event in this document.