Re: Account Lockout -- ARGH

From: Matt Simmons (matts_at_wirefire.com)
Date: 08/15/03

  • Next message: Levinson, Karl: "RE: FW: Blaster vs. Kaht2, detecting Windows root kits" 
    To: "Grabowski, David" <david.grabowski@us.mizuho-sc.com>, "SecurityFocus-MS (E-mail)" <focus-ms@securityfocus.com>
Date: Fri, 15 Aug 2003 14:20:08 -0400

    I had an issue like this. In Windows 2000, Microsoft added the possibility to
    run SMB directly over TCP/IP, without the extra layer of NBT. For this they
    use TCP port 445. My belief was that it was someone from the net attempting
    to authenticate against the DC via 445. Since we don't do any WAN stuff, I
    firewalled that port at the gateway (something I should have done long ago),
    and it worked, or at least, we haven't been locked out of our accounts since
    then. Good luck!

    Matt Simmons
    Network Administrator
    Wirefire Internet Service LLC

    On Thursday 14 August 2003 04:05 pm, Grabowski, David wrote:
    > I'm running into some serious problems with users on our domain getting
    > their accounts locked out repeatedly.
    >
    > Any ideas?
    >
    > ---------------------------------------------------
    > David Grabowski
    > Mizuho Securities USA, Equity Division
    > (212) 209-9349

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------

  • Next message: Levinson, Karl: "RE: FW: Blaster vs. Kaht2, detecting Windows root kits"

    Relevant Pages

    • RE: What the heck is this msblast.exe
      ... Its also worth noting that if you see 'Security Routing' in your services in ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ...
      (Focus-Microsoft)
    • RE: Vuln scan tool for web
      ... Your network Firewall and IDS products do not prevent Web application ... integrated suite of Web application security products, ... For more information on KaVaDo and to download a FREE white paper on Web ...
      (Pen-Test)
    • Administrivia: Spam threads
      ... I think that both the thread on OOO replies and the Digital Impact one are ... them because the initial discussion did have to do with security. ... Your network firewall and IDS products do not prevent Web application ...
      (Focus-Microsoft)
    • Re: Cobol data protection? Get a dog...
      ... Having just spent a couple of weeks wading through the security on a medium ... I believe that the employment of a competent Network Administrator can ... houses believe they have enough competence in house to prevent "burglaries"; ... holes" in Operating Systems and system software. ...
      (comp.lang.cobol)
    • Re: ARIN Handle IP block whois query
      ... Just use the whois web form and type the company name - ... > Your network Firewall and IDS products do not prevent Web application ... > integrated suite of Web application security products, ... > For more information on KaVaDo and to download a FREE white paper on ...
      (Pen-Test)