RE: Green Admin - Brute Force Attack - Pls Help
From: Gabriel Iovino (Iovino_at_discussions.microsoft.com)
Date: Sat, 23 Apr 2005 00:03:02 -0700
You might want to consider upping your lockout thresholds or abandoning them
altogether due to your strong password policy.
Here is a good article about account lockouts:
Implementing and Troubleshooting Account Lockout
"Underfire Tech" wrote:
> I am a pretty good desktop tech who has been thrust into server admin. I have
> 2 domain controllers, one 2003, one NT and support the finance departments of
> a small University.
> I have enabled strong passwords on the 2003 server and have set up lockouts
> on both after 5 incorrect attempts for 5 minutes.
> Multiple machines on campus, not under my control, have been infected or
> otherwise compromised and are walking through my userbase attempting logins
> and locking out the accounts on both machines.
> I recently disabled anonymous SAM listing apparently to no avail.
> I am asking for any insight, help, suggestions, or anything I can do other
> than simply letting these attempts go rampant and disabling lockout.
> Even though we use DHCP (with quite long leases) I am considering blocking
> all TCP except from each of my users (approx 70) as this situation as it
> stands is unacceptable and adding an IP every week or so is much better than
> the ordeal I endured all day today.
> Thank you for your help.
> Underfire Tech
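
An added example, not part of either post: before changing lockout thresholds or filtering by IP, it helps to separate sources that are walking the userbase (failures against many distinct accounts in a short window) from a single user mistyping a password. The sketch below does that over failed-logon records; the CSV layout, addresses, account names and thresholds are constructed for illustration and assume the failures have already been exported from the domain controllers' audit logs.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source address, target account.
SAMPLE = """\
2005-04-22T09:00:01,10.0.5.17,asmith
2005-04-22T09:00:03,10.0.5.17,bjones
2005-04-22T09:00:05,10.0.5.17,cwhite
2005-04-22T09:00:07,10.0.5.17,dgreen
2005-04-22T09:00:09,10.0.5.17,asmith
2005-04-22T09:01:00,10.0.9.40,asmith
2005-04-22T09:01:20,10.0.9.40,asmith
2005-04-22T09:01:45,10.0.9.40,asmith
2005-04-22T09:10:00,10.0.7.88,bjones
2005-04-22T09:30:00,10.0.7.88,cwhite
2005-04-22T09:50:00,10.0.7.88,dgreen
"""

def parse(text):
    """Parse the assumed CSV export into sorted (time, source, account) tuples."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if row:  # skip blank lines
            ts, src, acct = row
            rows.append((datetime.fromisoformat(ts), src, acct.lower()))
    return sorted(rows)

def walking_sources(rows, window=timedelta(minutes=5), min_accounts=3):
    """Return {source: most distinct accounts failed within any one window}
    for sources that reach min_accounts. A lone user retrying one account
    never qualifies, however many times they fail."""
    by_src = defaultdict(list)
    for ts, src, acct in rows:
        by_src[src].append((ts, acct))
    flagged = {}
    for src, events in by_src.items():
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({a for _, a in events[start:end + 1]}))
        if best >= min_accounts:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in sorted(walking_sources(parse(SAMPLE)).items()):
        print(f"{src}: failures against {n} distinct accounts within 5 minutes")
```

The flagged sources are the ones worth reporting to whoever controls those machines or blocking at the network edge, which is a narrower list to maintain than an allow-list of every legitimate client.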