Re: Trace of 139 attack?

From: Windex King (WindexKing@mor-lan-d.com)
Date: 07/26/01

Previous message: dcdave: "Re: sudo for windows"
In reply to: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Next in thread: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Reply: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <3B605E91.9DFE7B@mor-lan-d.com>
Date: Thu, 26 Jul 2001 14:16:49 -0400
From: Windex King <WindexKing@mor-lan-d.com>
To: FOCUS-MS@securityfocus.com
Subject: Re: Trace of 139 attack?

Thor@HammerofGod.com wrote:
>
> Just to be clear for all of the faithful readers
> out there, passprop.exe can be used to lockout the
> administrator account over network connections, but
> not for interactive logons.
>
> AD

As owentoby@WellsFargo.COM pointed out in a later post
AD's comment is "half true".

One must remember that we're talking about NT's interpretation
of a network logon as opposed to any logon via the network.

Let me explain. If I map a drive to a server it's a Type
3 logon to the remote machine which NT considers a network
logon.

If I logon to a remote NT box via an OpenSSH daemon it's
a Type 2 Advapi logon which is seen as a a *LOCAL* logon by
NT and subsequently by passprop.

Here are some other logons that are deemed local even though
they happen via the network (this is not an exhaustive list!)

- logons via Terminal Server (per owentoby's earlier comment)
- logons via WinVNC
- logons via PC Anywhere
- logons via FTP daemons
- etc.

So, when using passprop one must remember to put extra controls
on the access paths which allow "local" logon ability since
failure to do makes passprop much less effective.

W K

Previous message: dcdave: "Re: sudo for windows"
In reply to: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Next in thread: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Reply: Thor@HammerofGod.com: "Re: Trace of 139 attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Logon Server Unavailable
... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
(microsoft.public.windows.server.general)
Re: Logon Server Unavailable
... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
(microsoft.public.windows.server.dns)
Re: Logon Server Unavailable
... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
(microsoft.public.windows.server.networking)
Re: Logon Server Unavailable
... The server is not configured for transactions" ... "Access Denied" Message When Opening from or Saving to a Network Folder ... Logon unsuccessful: The user name you typed is the same as the user name you ... "An error occurred while renewing interface local area connection" While ...
(microsoft.public.windows.server.dns)
Re: Logon Server Unavailable
... The server is not configured for transactions" ... "Access Denied" Message When Opening from or Saving to a Network Folder ... Logon unsuccessful: The user name you typed is the same as the user name you ... "An error occurred while renewing interface local area connection" While ...
(microsoft.public.windows.server.networking)