Unauthorized account listing from a remote system
From: Paul Haltenberg (haltenberg@yahoo.com)Date: 11/04/02
- Next message: WB IT: "Re: Unauthorized account listing from a remote system"
- Previous message: : "Re: Administrator cannot access a directory"
- Next in thread: WB IT: "Re: Unauthorized account listing from a remote system"
- Reply: WB IT: "Re: Unauthorized account listing from a remote system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: haltenberg@yahoo.com (Paul Haltenberg) Date: 4 Nov 2002 03:44:23 -0800
My security logs on Windows NT 4.0 SP6a servers show hundreds of 529
and 539 events for last night. Looks like someone outside my LAN
attempted to login with the credentials of every user in my domain
thus locking out user accounts. First of, I wonder how could this be
possible that someone obtained user list for my domain? Second, how
could someone attempt to login from a non-domain-member computer?
Third, how do I figure out who it was (even log shows workstation name
\\ATHLON2000XP, but I don't have such workstation in my domain)?
Fourth, how do I prevent this in the future?
Any advice/comment would be greatly appreciated!
---
- Next message: WB IT: "Re: Unauthorized account listing from a remote system"
- Previous message: : "Re: Administrator cannot access a directory"
- Next in thread: WB IT: "Re: Unauthorized account listing from a remote system"
- Reply: WB IT: "Re: Unauthorized account listing from a remote system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
