OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Logging out of a NT server
From: Hurd, Jon (Jon.HurdQWEST.COM)
Date: Thu Sep 07 2000 - 14:28:09 CDT

By staying logged on to the server it's easy to get the admin user name with
the NBTSTAT command.

Example:

C:\WINNT\system32>nbtstat -a SERVER1

Local Area Connection 2:
Node IpAddress: [10.0.7.172] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name Type Status
    ---------------------------------------------
    SERVER1 <00> UNIQUE Registered
    DOM1 <00> GROUP Registered
    SERVER1 <20> UNIQUE Registered
    SERVER1 <03> UNIQUE Registered
    DOM1 <1E> GROUP Registered
    JHADMIN <03> UNIQUE Registered

    MAC Address = 00-50-DA-60-3A-6B

The username is JHADMIN. Logging off prevents this, though it's still
possible to get the admin username using other utilities (as explained in
Hacking Exposed) it takes a little more effort. So if it's all the same,
you're a little more secure by logging off.

Jon Hurd
System Analyst
Qwest

-----Original Message-----
From: John Marks [mailto:JMarksBTU.COM]
Sent: Friday, September 01, 2000 10:21 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Logging out of a NT server

Hello,

From a security prospective are there advantages to logging out of a NT
server vs. locking the console? We currently lock the console but I
wonder if there might be an advantage to logging completely out of the
server..

Thank you

John Marks