Re: Kerberos entries in the system log

From: Cliff (cliff.bennett@johnguest.co.uk)
Date: 10/23/02


From: "Cliff" <cliff.bennett@johnguest.co.uk>
Date: Wed, 23 Oct 2002 03:45:33 -0700


Hi Dan,
We have two subnets and the IP addresses in the logs
are coming from both of them. The O/S's of the hosts
concerned are NT4 and Win2k. Some of the hosts
have internet access, others don't; there seems to be
no pattern to which hosts are generating the errors.

We have a Firewall between us and the internet. We
tried opening port 88/udp (outgoing and incoming), but
continued to get the errors.

Any ideas?

Cheers,
Cliff.

>-----Original Message-----
>Looks to me like you have a host requesting a ticket granting ticket
>from your KDC that is not a member of the domain. Is that IP on your
>network? Is port 88 open to the internet?
>
>Dan
>
>Cliff wrote:
>> Hi,
>> I hope someone can help. I keep getting entries in the
>> system log of a Win2k DC, 3 or 4 every couple of
>> minutes.
>>
>> "The function initializesecuritycontext recieved a
>> Kerberos Error Message:
>> on logon session
>> Client Time:
>> Server Time: 9:27:51:000 10/18/2002 (null)
>> Error code: 0x7
>> KDC_ERR_S_PRINCIPAL_UNKNOWN
>> client realm:
>> Client Name:
>> Server Realm: Mydomain.com
>> Server Name: krbtgt/Mydomain.com
>> Target Name: Host/55.102.2.33@Mydomain.com
>> Error Text
>> File:
>> Line:
>> Error Data is in record data."
>>
>> Obviously the log fills up VERY quickly and I'd really
>> like to get to the bottom of it! I've tried trawling the net
>> for an answer to no avail.
>>
>> Thanks in advance.