Re: NT AUTHORITY\ANONYMOUS LOGON

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 16 Jul 2006 20:36:51 -0500

It is normal to see these "null sessions" on a Windows computer. They can be
used for primarily networking functions such as maintenance of the browse
list that you see when you open My Network Places. However they could also
indicate that a user has unauthenticated access to a share on your computer.
In XP Home that is unavoidable since XP Home can only use simple file
sharing. If you do not want to offer shares on an XP Home computer then
disable file and print sharing on it. If you do want to offer shares then
make sure that you only share folders that you want anyone to be able to
access and of course use a firewall to protect your network.

For XP Pro computers to make sure that unauthenticated access can not be
made to network shares be sure to disable simple file sharing in Windows
Explorer/tools/folder options - view and uncheck the last option for use
simple file sharing. Also in XP Pro if you do not want to allow
unauthenticated access make sure the guest account is disabled because if it
is enabled then unauthenticated access could be allowed to shares that
include everyone for share and folder/NTFS permissions. The command net user
guest to quickly check the status of the guest account. Another thing I do
on my computers for XP Pro is to open Local Security Policy via secpol.msc
and go to local policies/user rights and find the user right for access this
computer from the network. I remove everyone and users and add authenticated
users. That will prevent unauthenticated access to a share even if the guest
account becomes enabled.

Steve

"new2this" <new2this@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B7CFDCCD-BB77-4870-B456-A2D242D246ED@xxxxxxxxxxxxxxxx

I have several occasion have this message does anyone know what it means? i
think i have someone getting into my computer is that correct?

Domain:
Logon ID: (0x0,0xC26CC4)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: OEMCOMPUTER
Logon GUID: {00000000-0000-0000-0000-000000000000}

Prev by Date: Re: Creating "Ghost CD" on XP for System Recovery
Next by Date: Re: XP Firewall Disabled - Help!
Previous by thread: Re: Creating "Ghost CD" on XP for System Recovery
Next by thread: Prevent access to Wireless Network Setup Wizard
Index(es):
- Date
- Thread

Relevant Pages

RE: Internet security on "hotspots"
... there's a setting in the security policy under Network Access where ... Now if we're talking shares, anonymous never did have access in most cases, ... Disabling the guest account - it's been disabled by default since NT 3.5, ...
(Focus-Microsoft)
RE: Remote Access
... sure how it works if there is a mixture of OSon a workgrouup network. ... there is a Home OS on a Workgroup, that Simple File Sharing has to be used as ... the face of shares and resources on stand alone workstantions. ... privleges the Guest Account provides, ...
(microsoft.public.windowsxp.security_admin)
RE: Remote Access
... sure how it works if there is a mixture of OSon a workgrouup network. ... there is a Home OS on a Workgroup, that Simple File Sharing has to be used as ... the face of shares and resources on stand alone workstantions. ... privleges the Guest Account provides, ...
(microsoft.public.windowsxp.security_admin)
Re: What password????
... : disables the guest account? ... You have to have admin privs to access Administrative shares. ... network shares, and your whole network is now infected. ... PC2 - which has working and updated antivirus but gets infected via network ...
(microsoft.public.win2000.networking)
Fwd: CERT Advisory CA-2003-08 Increased Activity Targeting Windows Shares
... poorly protected file shares. ... Intruders have been able to leverage poorly ... The network scanning associated with this activity is widespread but ... W32/Deloder attempts to compromise the Administrator ...
(Bugtraq)