Anonymous logins in Windows Security log.

G

Gary

I have security log enabled on my Win2k box & I am seeing the following :

1. In my Windows2k security log, I see anonymous login & logoff being
done. How do I figure out who is the user or, is there any application
which is doing the logon/ logoffs in my windows box ???

2. There is no anonymous user account created. Then how is it that I am
seeing * anonymous * login & logoffs being done.

This is a serious security concern for me. Any urgent helps are appreciated.

--- Gary.
 
S

Steven L Umbach

Anonymous logons are common and usual on a Windows network. Type 3 logon is a network
logon. Typically they are related to use and maintenance of the browse list that is
used to find network shares in My Network Places and this can be seen with a packet
sniffer program such as Ethereal. A firewall will prevent internet hackers from using
null sessions to gain information about your network such as share, user, computer,
and group names. These alone are not indications of a network attack. Failed logon
attempts and account lockouts would be indication of a possible attack. --- Steve

http://www.sans.org/rr/papers/index.php?id=286 -- explanation of anonymous
logons/null sessions
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Successive Anonymous Logon events in security log 3
Disabled IIS Anonymous account 3
ANONYMOUS LOGON 1
Excessive Anonymous Logons 2
Anonymous Logon 2
Anonymous Logons 3
Security log shows multiple ANONYMOUS LOGON 2
nt authority\anonymous logon in security event log 1

Top