|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: successful anonymous login
From: Adam Tuliper (amt
gecko-software.com)
Date: Tue Jul 27 2004 - 23:13:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sp1 for win2003 wont be available until early next year.. But the patches
listed in windowsupdate.com should suffice. Check add/remove programs to see
if any are installed... If not then the windowsupdate component is acting
goofy. Check specifically for the patch Kyle mentioned in an earlier email.
-----Original Message-----
From: Jose Rivera [mailto:josepapugai.com]
Sent: Tuesday, July 27, 2004 8:57 PM
To: 'Adam Tuliper'; webappsecsecurityfocus.com
Subject: RE: successful anonymous login
Yes, as far as I know all patches are in.
Even an update check says no updates are needed.
Is it a given that latest service packs does not contain all NEEDED patches?
If so, does anyone have a list of what patches are needed outside of
released service packs?
-----Original Message-----
From: Adam Tuliper [mailto:amtgecko-software.com]
Sent: Tuesday, July 27, 2004 12:18 PM
To: Jose Rivera; 'Adam Tuliper'; webappsecsecurityfocus.com
Subject: Re: successful anonymous login
considering this was via dcom...was this machine completely patched and up
to date before this event was logged?
On Tue, 27 Jul 2004 12:12:53 -0700
"Jose Rivera" <josepapugai.com> wrote:
> Good question. It's not like a name of a machine on my network. From
> research, I think it stands for host on demand. Why this comes up in
> this error tho, Im not sure. The ip is definitely from outside.
>
>
>
>
> -----Original Message-----
> From: Adam Tuliper [mailto:amtgecko-software.com]
> Sent: Tuesday, July 27, 2004 12:02 PM
> To: Jose Rivera; webappsecsecurityfocus.com
> Subject: Re: successful anonymous login
>
> NtLmSsp usually deals with DCOM logins.
> What workstation is HOD?
>
> On Tue, 27 Jul 2004 10:59:11 -0700
> "Jose Rivera" <josepapugai.com> wrote:
> > We recently migrated our web server into windows 2003.
> >
> > Not sure where this is coming from...but successful
> login
> > from an
> > anonymous user doesn't sound good?
> >
> > Please help or point in the right direction.
> >
> > Thanks
> > Jose
> >
> >
> > Event Type: Success Audit
> > Event Source: Security
> > Event Category: Logon/Logoff
> > Event ID: 540
> > Date: 7/27/2004
> > Time: 10:44:20 AM
> > User: NT AUTHORITY\ANONYMOUS LOGON
> > Computer: xxxxxx
> > Description:
> > Successful Network Logon:
> > User Name:
> > Domain:
> > Logon ID: (0x0,0x9BA1BD3)
> > Logon Type: 3
> > Logon Process: NtLmSsp
> > Authentication Package: NTLM
> > Workstation Name: HOD
> > Logon GUID: -
> > Caller User Name: -
> > Caller Domain: -
> > Caller Logon ID: -
> > Caller Process ID: -
> > Transited Services: -
> > Source Network Address: 81.60.187.145
> > Source Port: 0
> >
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> >
>
>
---------------------------------------------------------------------
> Web mail provided by NuNet, Inc. The Premier National provider.
> http://www.nni.com/
>
>
>
---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]