RE: Green Admin - Brute Force Attack - Pls Help

From: Gabriel Iovino (Iovino_at_discussions.microsoft.com)
Date: 04/23/05

  • Next message: Steven L Umbach: "Re: why got \??\ in the path ?"
    Date: Sat, 23 Apr 2005 00:03:02 -0700
    
    

    Underfire

    You might want to consider upping your lockout thresholds or abandoning them
    all together due to your strong password policy.

    Here is a good article about account lockouts:

    Implementing and Troubleshooting Account Lockout
    http://www.windowsecurity.com/articles/Implementing-Troubleshooting-Account-Lockout.html

    "Underfire Tech" wrote:

    > I am a pretty good desktop tech who has been thrust into server admin. I have
    > 2 domain controllers, one 2003, one NT and support the finance departments of
    > a small University.
    >
    > I have enabled strong passwords on the 2003 server and have setup lockouts
    > on both after 5 incorrect attempts for 5 minutes.
    >
    > Multiple machines on campus, not under my control, have been infected or
    > otherwise compromised and are walking through my userbase attempting logins
    > and locking out the accounts on both machines.
    >
    > I recently disabled anonymous SAM listing apparently to no avail.
    >
    > I am asking for any insight, help, suggestions, or anything I can do other
    > than simply letting these attemps go rampant and disabling lockout.
    >
    > Even though we use DHCP (with quite long leases) I am considering blocking
    > all TCP except from each of my users (approx 70) as this situation as it
    > stands is unacceptable and adding an IP every week or so is much better than
    > the ordeal I endured all day today.
    >
    > Thank you for your help.
    > Underfire Tech


  • Next message: Steven L Umbach: "Re: why got \??\ in the path ?"