Re: Anonymous, Guest login problems!!!

From: Steven L Umbach (sumbach_at_ameritech.net)
Date: 10/05/03


Date: Sun, 05 Oct 2003 20:13:11 GMT

Windows is actually a pretty secure product if you configure it correctly
for your needs and pay attention to things like security updates that are
common to all operating systems, including Linux [Sendmail has been keeping
my son busy as of late]. I did a quick search on Google for "linux
vulnerabilities" and came up with 579,000 matches.

To answer your question: the event IDs that you are finding are not "guest"
logons, but normal null sessions that are created by the operating system
and used for some networking functions, including maintaining the browse
list. If you do not need file and print sharing, then uninstall it and you
should see those events decrease. Null sessions are a vulnerability if
allowed from the internet, which you would find as exposed NetBIOS/CIFS
ports - particularly 139 and 445. If you see more than a few failed logons
in rapid succession using known non-default accounts in your security log,
that may mean that someone has enumerated your computer through those ports.
See the KB link below that explains a bit about anonymous/null connections in
Windows 2000. --- Steve

http://support.microsoft.com/?kbid=246261

"loduricano" <loduricano@aol.com> wrote in message
news:037901c38b74$c8b66650$a401280a@phx.gbl...
> I know that M$Windoze is crap regarding security, but I
> have to use it in one of the boxes at home. I use a custom
> version of Linux.
>
> Here is the problem: I get anonymous and guest logons on it.
> All the accounts have strong passwords, including the Guest
> account. The guest account is also disabled! I have tried
> deleting the guest account but it's not possible to delete
> built-in accounts. I have also run at one time or another
> Syquest, McAfee, Sygate Pro and Zone Alarm Pro with the
> same results. I just installed the latest Zone Alarm Pro
> right now, and did a complete scan using the Sygate
> security scan. I also did a full scan from outside the
> firewall, over the LAN with NMap and other utilities. All
> the ports are stealthed! I also changed the ruleset of ZO
> to block ports 135, 137-139, 445 and others.
>
> So you tell me, how come I STILL have anonymous and guest
> logons? And what can I do to stop them?
>
> Here is a dump of the logs:
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 540
> Date: 10/5/2003
> Time: 7:26:28 AM
> User: NT AUTHORITY\ANONYMOUS LOGON
> Computer: **********
> Description:
> Successful Network Logon:
> User Name:
> Domain:
> Logon ID: (0x0,0x11029)
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name:
> Logon GUID: {00000000-0000-0000-0000-000000000000}
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Any help is appreciated.
>
> Cheers,
>
> cl.
>
> -----------------------------------------------------
> Whose fault it is that the whole internet is crawling with
> Messenger (port 1026/udp) spam from China?
>
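
The triage described in the reply, as an added example that is not part of the original thread: it separates benign null-session records (event 540, ANONYMOUS LOGON, logon type 3, empty user name) from bursts of failed logons, and lists the account names those bursts used so they can be checked against real non-default accounts. The sample records are constructed; event ID 529 (the Windows 2000/XP "unknown user name or bad password" failure) and the 3-failures-in-60-seconds threshold are assumptions not taken from the thread.

```python
from datetime import datetime, timedelta

def _rec(eid, time, user, name):
    # Constructed record using the field layout of the dump quoted in the thread.
    return (f"Event Type: Audit\nEvent ID: {eid}\nDate: 10/5/2003\nTime: {time}\n"
            f"User: {user}\nUser Name: {name}\nLogon Type: 3\n\n")

SAMPLE = (_rec(540, "7:26:28 AM", r"NT AUTHORITY\ANONYMOUS LOGON", "")
          + _rec(529, "7:30:01 AM", r"NT AUTHORITY\SYSTEM", "backupsvc")
          + _rec(529, "7:30:04 AM", r"NT AUTHORITY\SYSTEM", "jsmith")
          + _rec(529, "7:30:09 AM", r"NT AUTHORITY\SYSTEM", "backupsvc")
          + _rec(529, "9:45:00 AM", r"NT AUTHORITY\SYSTEM", "administrator"))

def parse_events(text):
    """Split an exported log dump into one dict per 'Event Type:' record."""
    events = []
    for line in text.splitlines():
        key, sep, value = line.lstrip("> ").partition(":")
        if not sep:
            continue
        if key == "Event Type":
            events.append({})
        if events:
            events[-1][key.strip()] = value.strip()
    for ev in events:  # every record is expected to carry Date and Time
        ev["when"] = datetime.strptime(f"{ev['Date']} {ev['Time']}", "%m/%d/%Y %I:%M:%S %p")
    return events

def is_null_session(ev):
    """Event 540, network logon (type 3), ANONYMOUS LOGON, empty user name."""
    return (ev.get("Event ID") == "540" and ev.get("Logon Type") == "3"
            and ev.get("User", "").upper().endswith("ANONYMOUS LOGON")
            and not ev.get("User Name"))

def failed_logon_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Account names tried in any run of >= threshold failures (529) inside window."""
    fails = sorted((e for e in events if e.get("Event ID") == "529"), key=lambda e: e["when"])
    hit, start = set(), 0
    for end in range(len(fails)):
        while fails[end]["when"] - fails[start]["when"] > window:
            start += 1
        if end - start + 1 >= threshold:
            hit.update(f.get("User Name", "") for f in fails[start:end + 1])
    return sorted(hit)

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print("null sessions:", sum(map(is_null_session, evs)))
    print("accounts in failure bursts:", failed_logon_bursts(evs))
```

The isolated failure for "administrator" is not reported because it falls outside any 60-second run of three.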


