Educause Security Discussion mailing list archives
Re: Domain Controller Attacks
From: David Taylor <ltr () ISC UPENN EDU>
Date: Fri, 14 Oct 2005 11:51:45 -0400
Are these domain controllers behind a firewall? If this is a virus that is going through and is able to enumerate the accounts of the domain and launch attacks against the user accounts, it would seem that null sessions are enabled on these servers. Null sessions allow anonymous enumeration of various server data, which includes listing user accounts. Disabling null sessions on the servers should fix this problem for the most part.

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================

SANS - The Twenty Most Critical Internet Security Vulnerabilities
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org
irc.freenode.net #dshielders
http://freenode.net/

-----Original Message-----
From: Wayne Bullock [mailto:wayne () FAU EDU]
Sent: Friday, October 14, 2005 10:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Domain Controller Attacks

Our Systems group that runs our Microsoft domain controllers are complaining about automated attacks that systematically attempt to break into accounts. Their main concern is that accounts become blocked after 3 attempts. So, this is felt by users as a DoS. The legitimate users can't authenticate. Working with Security, they believe it's some type of virus that appears to be going around on students' machines.

Is anyone else seeing this?

Wayne Bullock
Associate Director, Network Services
Florida Atlantic University
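An added example, not part of either message: one way to tell the machines driving the lockouts described above apart from a user who mistyped a password, by finding source hosts that push several different accounts to the 3-attempt threshold. The log layout, host and account names, the 10-minute window and the 3-account cut-off are assumptions made for the example, and the model is simplified in that it ignores successful logons between failures.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (time, source host, account, result); layout assumed, not a Windows log format.
SAMPLE_LOG = """\
2005-10-14T10:00:01,dorm-pc-17,asmith,FAIL
2005-10-14T10:00:02,dorm-pc-17,asmith,FAIL
2005-10-14T10:00:03,dorm-pc-17,asmith,FAIL
2005-10-14T10:00:04,dorm-pc-17,bjones,FAIL
2005-10-14T10:00:05,dorm-pc-17,bjones,FAIL
2005-10-14T10:00:06,dorm-pc-17,bjones,FAIL
2005-10-14T10:00:07,dorm-pc-17,clee,FAIL
2005-10-14T10:00:08,dorm-pc-17,clee,FAIL
2005-10-14T10:00:09,dorm-pc-17,clee,FAIL
2005-10-14T10:02:10,lab-ws-04,dkim,FAIL
2005-10-14T10:02:25,lab-ws-04,dkim,FAIL
2005-10-14T10:02:41,lab-ws-04,dkim,FAIL
2005-10-14T10:05:00,library-02,asmith,FAIL
2005-10-14T10:05:20,library-02,asmith,OK
"""

LOCKOUT_THRESHOLD = 3            # from the thread: blocked after 3 attempts
WINDOW = timedelta(minutes=10)   # assumed lockout counting window
MIN_ACCOUNTS = 3                 # assumed: accounts locked by one host before flagging

def parse(text):
    """Turn the CSV text into time-sorted (time, host, account, result) rows."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    return sorted((datetime.fromisoformat(t), h, a.lower(), res) for t, h, a, res in rows)

def suspicious_sources(rows):
    """Map each host to the accounts it locked out, if it locked MIN_ACCOUNTS or more."""
    fails = defaultdict(list)    # (host, account) -> failure times, in order
    for ts, host, account, result in rows:
        if result == "FAIL":
            fails[(host, account)].append(ts)
    locked = defaultdict(set)
    for (host, account), times in fails.items():
        # Any LOCKOUT_THRESHOLD consecutive failures inside WINDOW trip the lockout.
        for first, last in zip(times, times[LOCKOUT_THRESHOLD - 1:]):
            if last - first <= WINDOW:
                locked[host].add(account)
                break
    return {h: sorted(a) for h, a in locked.items() if len(a) >= MIN_ACCOUNTS}

if __name__ == "__main__":
    print(suspicious_sources(parse(SAMPLE_LOG)))
```

On the constructed sample only dorm-pc-17 is reported; lab-ws-04 locked a single account and library-02 never reached the threshold.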