

Win2k Security Audit, anonymous logon question


  • Win2k Security Audit, anonymous logon question

    Background: I began auditing some things in early March. The issue I'm asking about has only happened on one day, the 18th.

    Issue: A pile of anonymous logons. The Event ID is 538, which means it is a logoff event, and the Logon Type is 3, meaning it is a network access.

    Does anybody know why I would have a massive amount of network logoffs from ANONYMOUS LOGON, and with no logons??? I'm hoping it's something simple and that I just don't understand how it all works....

    btw: I do realize that the ANONYMOUS LOGON is a built-in thing to Win2k, but I thought I had things configured well enough that no anonymous access was permitted.

    Thanks a lot for any helpful info.

    Oh, and a screenshot showing my audit is available here.

    Why do today what you can put off until tomorrow? But why put off until tomorrow what you can put off altogether?

  • #2
    Question: what OS are the workstations running? If they are running Win ME, is the autodiscovery of actively scanning for and listing network shares turned off (Folder Options -> View tab -> automatically search for network shares and printers)?

    If not, maybe that is causing the event IDs.

    maybe someday i will really look at win2000 vs nt 4 server instead of only running win2000 server at home but alas the day is only so long and i have games to play


    • #3
      I'm on a LAN with a variety of OSes. I don't know anything about the ANONYMOUS LOGON events other than the info provided by Event Viewer. I have no info regarding the IP or name of the machine that had the logoffs.

      What I really don't understand is how are there logoffs when there were no logons?

      Hope this clarifies?...

      Why do today what you can put off until tomorrow? But why put off until tomorrow what you can put off altogether?


      • #4
        I don't know why you get logoffs and no logons. What I do know is that anonymous logon is there to let you list accounts and share names of computers without having to log on.

        You can turn it off by hacking the registry (don't ask me where). You'll probably find it in TechNet or in the Resource Kit (and maybe also an answer to why you only get logoffs).



        • #5
          Could it be possible that it is caused by my computer being the master on the network at the time? That is a possibility, although the masters on the network are usually the linux boxes.

          Why do today what you can put off until tomorrow? But why put off until tomorrow what you can put off altogether?
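Added example, not part of any post in this thread: one way to test the "logoffs with no logons" observation is to pair each 538 logoff with a logon that carries the same Logon ID, counting both Event ID 528 and Event ID 540 (Windows 2000 records successful network logons as 540) as logons. The records, field names and Logon ID values below are constructed for illustration and are not taken from the poster's log.

```python
# Constructed sample records; field names are assumptions modelled on the
# fields Event Viewer shows for Security log entries.
SAMPLE_EVENTS = [
    {"id": 540, "user": "ANONYMOUS LOGON", "logon_type": 3, "logon_id": "0x0,0x1A2B3"},
    {"id": 538, "user": "ANONYMOUS LOGON", "logon_type": 3, "logon_id": "0x0,0x1A2B3"},
    {"id": 538, "user": "ANONYMOUS LOGON", "logon_type": 3, "logon_id": "0x0,0x1A2C4"},
    {"id": 528, "user": "alice", "logon_type": 2, "logon_id": "0x0,0x1B000"},
    {"id": 538, "user": "alice", "logon_type": 2, "logon_id": "0x0,0x1B000"},
    {"id": 538, "user": "ANONYMOUS LOGON", "logon_type": 3, "logon_id": "0x0,0x1A2D5"},
]

LOGON_EVENT_IDS = {528, 540}  # 528 = successful logon, 540 = successful network logon
LOGOFF_EVENT_ID = 538         # user logoff


def correlate(events):
    """Split 538 logoffs into those with and without a matching logon.

    A logoff is 'paired' when any 528/540 record in the input has the same
    Logon ID. Returns (paired, orphaned) as two lists of logoff records.
    """
    logon_ids_seen = {e["logon_id"] for e in events if e["id"] in LOGON_EVENT_IDS}
    paired, orphaned = [], []
    for e in events:
        if e["id"] != LOGOFF_EVENT_ID:
            continue
        (paired if e["logon_id"] in logon_ids_seen else orphaned).append(e)
    return paired, orphaned


def anonymous_network_orphans(events):
    """Orphaned logoffs that are Logon Type 3 and belong to ANONYMOUS LOGON."""
    _, orphaned = correlate(events)
    return [e for e in orphaned
            if e["user"] == "ANONYMOUS LOGON" and e["logon_type"] == 3]


if __name__ == "__main__":
    paired, orphaned = correlate(SAMPLE_EVENTS)
    print(f"paired logoffs: {len(paired)}, orphaned logoffs: {len(orphaned)}")
    for e in anonymous_network_orphans(SAMPLE_EVENTS):
        print("no logon found for Logon ID", e["logon_id"])
```

Logoffs that stay orphaned after this check have no logon record in the exported range at all, which points at the log's coverage (when auditing was enabled, what has been overwritten) rather than at the filter used in Event Viewer.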

