Event Error Logs with Event ID 538 and 540

G

Guest

I saw some logs in my Boss XP machine with SP2.
Some notable logs in Security were Event ID 538 and 540

Category : Logon/Logoff
User: NT AUTHORITY\ANONYMOUS LOGON
Source:Security
Type: Success/Audit

what is the best explanation for this? He is thinking that there is an
anonymous logging remotely to his machine?

Thank you
 
S

Steven L Umbach

Those are called "null sessions" and are common on Windows computers that
use file and print sharing and have netbios over tcp/ip enabled. They do not
mean that the computer has been hacked. Unexplained logons for users at
strange hours or a lot of failed logon events could indicate attempts of an
attack. Follow best security procedures such as keeping computer current
with critical security updates, use an antivirus that is kept current and
scans all emails, the use of hard to guess passwords, and a firewall at
least at the perimeter will go a long way to preventing compromise of a
computer. Using no or weak passwords and having too loose share/ntfs
permissions put a computer at high risk of an attack. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event ID 538 and 540 : Security threat? 1
Unexplained 540 Events in Security log on W2K workstation in a dom 0
Event ID 538 vs 551 - strange behavior 0
Event ID 538 & 540 whenuser did not logon 4
Anonymous Logon's 1
Event ID 538/540/576 fills up Security Log!! 3
Event ID 538 Logon Type 3 NT AUTHORITY/ANONYMOUS LOGON 15
Auditing User logon/logoff events. 2

Top