Re: Event Error Logs with Event ID 538 and 540
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/29/05
- Previous message: Steven L Umbach: "Re: Prevent users from installing software"
- In reply to: Orvs: "Event Error Logs with Event ID 538 and 540"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Apr 2005 13:47:28 -0500
Those are called "null sessions" and are common on Windows computers that
use file and print sharing and have netbios over tcp/ip enabled. They do not
mean that the computer has been hacked. Unexplained logons for users at
strange hours or a lot of failed logon events could indicate attempts of an
attack. Follow best security procedures such as keeping computer current
with critical security updates, use an antivirus that is kept current and
scans all emails, the use of hard to guess passwords, and a firewall at
least at the perimeter will go a long way to preventing compromise of a
computer. Using no or weak passwords and having too loose share/ntfs
permissions put a computer at high risk of an attack. --- Steve
"Orvs" <Orvs@discussions.microsoft.com> wrote in message
news:DBEC8204-8352-49C9-9A10-1F931448D096@microsoft.com...
>I saw some logs in my Boss XP machine with SP2.
> Some notable logs in Security were Event ID 538 and 540
>
> Category : Logon/Logoff
> User: NT AUTHORITY\ANONYMOUS LOGON
> Source:Security
> Type: Success/Audit
>
> what is the best explanation for this? He is thinking that there is an
> anonymous logging remotely to his machine?
>
> Thank you
>
>
>
- Previous message: Steven L Umbach: "Re: Prevent users from installing software"
- In reply to: Orvs: "Event Error Logs with Event ID 538 and 540"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
