NT user list publically available?
From: Joey Ramone (tenrecandrew@hotmail.com)
Date: 12/22/02
- Next message: Ron Hubbard: "Something I Should Know About?"
- Previous message: Pieter: "Locking a FAT formatted HD partition?"
- Next in thread: Thor Kottelin: "Re: NT user list publically available?"
- Reply: Thor Kottelin: "Re: NT user list publically available?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: tenrecandrew@hotmail.com (Joey Ramone) Date: 22 Dec 2002 14:14:22 -0800
I've been unable to find information about this... On our NT 4.0
(.1381) server that is on the internet, periodically I'll find that
most of the accounts have been locked out. Checking the event viewer
shows a ton of these sort of entries:
Source: Security
User: NT Authority\system
Type: Failure audit
Category: logon/logoff
Logon failure: Unknown username or bad password
User name: Administrator
Domain: CHAPEL-W9Z3B8E
Logon Process: KSecDD
Workstation Name: \\CHAPEL-W9Z3B8E
The strange thing is, some of the names it's logging on as are not the
type that one could reasonably guess, and I don't see logon attempts
for combinations of non-user names. It seems that either a) non-user
names aren't logged or more likely b) someone has found a way to get a
list of usernames on the server. Is this a known hole that I haven't
patched yet?
Thanks a lot for any input
Andrew
- Next message: Ron Hubbard: "Something I Should Know About?"
- Previous message: Pieter: "Locking a FAT formatted HD partition?"
- Next in thread: Thor Kottelin: "Re: NT user list publically available?"
- Reply: Thor Kottelin: "Re: NT user list publically available?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
