Re: user list
From: gazebo (anonymous_at_discussions.microsoft.com)
Date: 11/22/03
- Next message: Randy: "w2k_?????.inf"
- Previous message: Steven L Umbach: "Re: Accounts lockouted when Password Policy applied"
- In reply to: Steven L Umbach: "Re: user list"
- Next in thread: Steven L Umbach: "Re: user list"
- Reply: Steven L Umbach: "Re: user list"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Nov 2003 18:01:40 -0800
Thanks Steve, I did remove the file and print and netbios
over tcpip. Can I disable those built in iis accounts?
I am still receiving anonymous access (success) regularly.
Who are they? I have already restricted anonymous access
as described in the ms doc.
>-----Original Message-----
>I want to add, that if for some reason a firewall is not
an option right now you can
>look at using ipsec filtering as a temporary measure. See
link below for more
>details. --- Steve
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;304868
>
>"Steven Umbach" <n9zrou@nscomcast.com> wrote in message
>news:Togvb.201314$ao4.714306@attbi_s51...
>> I have never tried disabling netbios over tcp/ip that
way. Their reference to
>> disabling netbios over tcp/ip in wins is correct - you
also need to disable file
>> and print sharing on that nic to stop smb over port 445
as they state. I just
>> wanted to make sure that you did not disable the tcp/ip
netbios helper service
>> as it will cause problems like dns malfunctioning. I
don't know much about
>> Exchange, which may be complicating your ability to
harden the server. You may
>> want to post those issues at an Exchange newsgroup. I
think your best bet is to
>> use a firewall that blocks all inbound ports by
default, and then you open only
>> those ports needed for access. --- Steve
>>
>> "gazebo" <anonymous@discussions.microsoft.com> wrote in
message
>> news:003701c3afdf$ed141530$a001280a@phx.gbl...
>> > thanks Steve,
>> >
>> > I follow the doc provided by MS.
>> > http://msdn.microsoft.com/library/default.asp?
>> > url=/library/en-us/dnnetsec/html/THCMCh16.asp
>> > In step 4, To disable NetBIOS over TCP/IP
>> >
>> > According to that, disabling at the WINS tap is not
>> > sufficient.
>> >
>> > Gazebo
>> >
>> > >-----Original Message-----
>> > >Where did you disable nebios over tcp/ip? - do not
>> > disable the tcp/ip
>> > >netbios helper service as problems will occurr.
Nebios
>> > should be disabled in
>> > >network adapter properties\/tcp/ip\advanced\wins.
Did
>> > you try just
>> > >disabling file and print sharing? --- Steve
>> > >
>> > >"gazebo" <anonymous@discussions.microsoft.com> wrote
in
>> > message
>> > >news:0b7501c3af49$f4f360d0$a101280a@phx.gbl...
>> > >> I tried to disable netbios over TCPIP on DNS and
>> > exchange
>> > >> server. It turned out that DNS cannot be started.
And
>> > >> exchange server reported some services not started
as
>> > well.
>> > >>
>> > >> Is it the case?
>> > >>
>> > >> >-----Original Message-----
>> > >> >You do not need them for dns or IIS/FTP. --- Steve
>> > >> >
>> > >> >"gazebo" <anonymous@discussions.microsoft.com>
wrote in
>> > >> message
>> > >> >news:063901c3ae60$080ae110$a101280a@phx.gbl...
>> > >> >> But do I need those services for property
operations?
>> > >> such
>> > >> >> as IIS, DNS, FTP
>> > >> >>
>> > >> >> Gazebo
>> > >> >> >-----Original Message-----
>> > >> >> >Easily done via a null session if you have
file and
>> > >> print
>> > >> >> sharing enabled on
>> > >> >> >your network adapter connected to the internet
and
>> > you
>> > >> do
>> > >> >> not have a
>> > >> >> >firewall or it is improperly configured. Go to
>> > >> >> http://scan.sygatetech.com/
>> > >> >> >for a basic vulnerability scan and see if
sirens go
>> > off
>> > >> >> about netbios ports
>> > >> >> >being open to the world. There are free
personal
>> > >> >> firewalls available for
>> > >> >> >personal use. A firewall is only one component
in
>> > >> >> securing a network
>> > >> >> >however. --- Steve
>> > >> >> >
>> > >> >>
>> > >>
>> >
>http://www.webattack.com/Freeware/security/fwfirewall.shtm
>> > >> >> l
>> > >> >> >http://www.microsoft.com/security/protect/
>> > >> >> >http://securityadmin.info/faq.asp#harden ---
From
>> > the
>> > >> >> FAQ.
>> > >> >> >
>> > >> >> >"gazebo" <anonymous@discussions.microsoft.com>
>> > wrote in
>> > >> >> message
>> > >> >> >news:04fb01c3adc1$bfe8bc20$a601280a@phx.gbl...
>> > >> >> >> Is it possible that some external parties
retrieve
>> > >> the
>> > >> >> >> user list through the internet? If so, how to
>> > avoid
>> > >> it?
>> > >> >> >>
>> > >> >> >> It seems that my server's user list has been
>> > >> retrieved
>> > >> >> by
>> > >> >> >> some unknown parties and every night there
are
>> > >> repeated
>> > >> >> >> logon attempts every few secs using the
local user
>> > >> >> lists.
>> > >> >> >> (failed so far)
>> > >> >> >>
>> > >> >> >>
>> > >> >> >
>> > >> >> >
>> > >> >> >.
>> > >> >> >
>> > >> >
>> > >> >
>> > >> >.
>> > >> >
>> > >
>> > >
>> > >.
>> > >
>>
>>
>
>
>.
>
- Next message: Randy: "w2k_?????.inf"
- Previous message: Steven L Umbach: "Re: Accounts lockouted when Password Policy applied"
- In reply to: Steven L Umbach: "Re: user list"
- Next in thread: Steven L Umbach: "Re: user list"
- Reply: Steven L Umbach: "Re: user list"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
