RE: successful anonymous login

["Adam Tuliper" <amt () gecko-software com>]

Sp1 for win2003 wont be available until early next year.. But the patches
listed in windowsupdate.com should suffice. Check add/remove programs to see
if any are installed... If not then the windowsupdate component is acting
goofy. Check specifically for the patch Kyle mentioned in an earlier email.



-----Original Message-----
From: Jose Rivera [mailto:jose () papugai com]
Sent: Tuesday, July 27, 2004 8:57 PM
To: 'Adam Tuliper'; webappsec () securityfocus com
Subject: RE: successful anonymous login

Yes, as far as I know all patches are in.

Even an update check says no updates are needed. 

Is it a given that latest service packs does not contain all NEEDED patches?

If so, does anyone have a list of what patches are needed outside of
released service packs?


-----Original Message-----
From: Adam Tuliper [mailto:amt () gecko-software com]
Sent: Tuesday, July 27, 2004 12:18 PM
To: Jose Rivera; 'Adam Tuliper'; webappsec () securityfocus com
Subject: Re: successful anonymous login

considering this was via dcom...was this machine completely patched and up
to date before this event was logged?


On Tue, 27 Jul 2004 12:12:53 -0700
 "Jose Rivera" <jose () papugai com> wrote:
> Good question. It's not like a name of a machine on my network. From 
> research, I think it stands for host on demand. Why this comes up in 
> this error tho, Im not sure. The ip is definitely from outside.
>
>
>
>
> -----Original Message-----
> From: Adam Tuliper [mailto:amt () gecko-software com]
> Sent: Tuesday, July 27, 2004 12:02 PM
> To: Jose Rivera; webappsec () securityfocus com
> Subject: Re: successful anonymous login
>
> NtLmSsp usually deals with DCOM logins.
> What workstation is HOD?
>
> On Tue, 27 Jul 2004 10:59:11 -0700
>  "Jose Rivera" <jose () papugai com> wrote:
> > We recently migrated our web server into windows 2003.
> >
> > Not sure where this is coming from...but successful
> login
> > from an
> > anonymous user doesn't sound good?
> >
> > Please help or point in the right direction.
> >
> > Thanks
> > Jose
> >
> >
> > Event Type: Success Audit
> > Event Source:       Security
> > Event Category:     Logon/Logoff 
> > Event ID:   540
> > Date:               7/27/2004
> > Time:               10:44:20 AM
> > User:               NT AUTHORITY\ANONYMOUS LOGON
> > Computer:   xxxxxx
> > Description:
> > Successful Network Logon:
> >     User Name:      
> >     Domain:         
> >     Logon ID:               (0x0,0x9BA1BD3)
> >     Logon Type:     3
> >     Logon Process:  NtLmSsp 
> >     Authentication Package: NTLM
> >     Workstation Name:       HOD
> >     Logon GUID:     -
> >     Caller User Name:       -
> >     Caller Domain:  -
> >     Caller Logon ID:        -
> >     Caller Process ID: -
> >     Transited Services: -
> >     Source Network Address: 81.60.187.145
> >     Source Port:    0
> >
> >
> > For more information, see Help and Support Center at 
> > http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------
> Web mail provided by NuNet, Inc. The Premier National provider.
> http://www.nni.com/

---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/