Steven L Umbach
Guest
Posted: Tue Feb 01, 2005 6:48 am
Post subject: Re: Anonymous Logon
I would not be too concerned as anonymous logon is used in Windows
Networking for things like maintaining the browse list and down-level client
access. If the computer you see this on has file and print sharing enabled
and it does not need it then disabling it will often eliminate those events.
Anonymous access/null sessions can be exploited to gain info such as users
and groups but your password policy and firewall should mitigate this risk
from outside attackers. What to be concerned about is failed logon attempts,
particularly many in rapid succession for default accounts such as the
administrator account. There are registry and Group Policy settings to
restrict anonymous access but it is not recommended for domain controllers
and can cause problems on other computers also. The link below explains
anonymous access more, how to restrict it, and the ramifications of doing
so. --- Steve

http://support.microsoft.com/?kbid=246261 -- the middle setting, referred to as
"1", is usually considered safe to implement, though it does not really restrict
much.

"Ken Ford" <KenFord@discussions.microsoft.com> wrote in message
news:7952A122-7E96-4C54-8DE8-9F27E3BC86C2@microsoft.com...
I have a dedicated server at a hosting provider that has Windows Server
2003 - Standard Edition installed.
I was reviewing my Event Log and found multiple Anonymous Logon entries.
These logons are coming from other servers located at my hosting provider.
Here is an example of a logon from the Event Viewer:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x86E83E)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: DEDF142
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 209.200.85.143
Source Port: 0
---------------------------------------------------------------------------------------
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x86E83E)
Logon Type: 3
----------------------------------------------------------------------------------------
These logons are coming from two of the servers located there.
Do I need to be concerned with these anonymous logons?
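As an added example (not from either poster), the following Python separates the two cases the reply distinguishes: it counts anonymous network logons per source address from event descriptions laid out like the one quoted above, and flags rapid runs of failed logons against default accounts. The `Logon Failure` record layout, the timestamps, addresses, account list and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

DEFAULT_ACCOUNTS = {"administrator", "guest"}  # assumption: accounts to watch

def parse_event(text):
    """Split one event description into (header, {field: value})."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    fields = {}
    for ln in lines[1:]:
        key, _, value = ln.partition(":")  # first colon only
        fields[key.strip()] = value.strip()
    return lines[0].rstrip(":"), fields

def triage(events, threshold=5, window=timedelta(seconds=60)):
    """events: (ISO timestamp, description) pairs. Returns (anonymous network
    logons per source, [(user, source)] with a burst of failed logons)."""
    anonymous, failures = Counter(), defaultdict(list)
    for stamp, text in events:
        header, f = parse_event(text)
        user = f.get("User Name", "").lower()
        source = f.get("Source Network Address", "-")
        if header == "Successful Network Logon":
            if f.get("Logon Type") == "3" and user in ("", "anonymous logon"):
                anonymous[source] += 1
        elif header == "Logon Failure" and user in DEFAULT_ACCOUNTS:
            failures[(user, source)].append(datetime.fromisoformat(stamp))
    bursts = []
    for key, times in failures.items():
        times.sort()
        # Burst: `threshold` failures whose first and last lie within `window`.
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            bursts.append(key)
    return anonymous, sorted(bursts)

# Constructed sample records (documentation addresses, not real hosts).
ANON = """Successful Network Logon:
    User Name:
    Domain:
    Logon Type: 3
    Source Network Address: 192.0.2.10"""
FAIL = """Logon Failure:
    Reason: Unknown user name or bad password
    User Name: administrator
    Logon Type: 3
    Source Network Address: 192.0.2.66"""
SAMPLE = [("2005-02-01T06:00:00", ANON), ("2005-02-01T06:30:00", ANON)] + [
    (f"2005-02-01T07:00:{s:02d}", FAIL) for s in range(0, 12, 2)]
```

On the constructed sample, `triage(SAMPLE)` counts two anonymous logons from 192.0.2.10 and reports one failure burst for administrator from 192.0.2.66.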