WebApp Sec mailing list archives
RE: successful anonymous login
From: "Adam Tuliper" <amt () gecko-software com>
Date: Wed, 28 Jul 2004 00:13:58 -0400
Sp1 for win2003 wont be available until early next year.. But the patches listed in windowsupdate.com should suffice. Check add/remove programs to see if any are installed... If not then the windowsupdate component is acting goofy. Check specifically for the patch Kyle mentioned in an earlier email. -----Original Message----- From: Jose Rivera [mailto:jose () papugai com] Sent: Tuesday, July 27, 2004 8:57 PM To: 'Adam Tuliper'; webappsec () securityfocus com Subject: RE: successful anonymous login Yes, as far as I know all patches are in. Even an update check says no updates are needed. Is it a given that latest service packs does not contain all NEEDED patches? If so, does anyone have a list of what patches are needed outside of released service packs? -----Original Message----- From: Adam Tuliper [mailto:amt () gecko-software com] Sent: Tuesday, July 27, 2004 12:18 PM To: Jose Rivera; 'Adam Tuliper'; webappsec () securityfocus com Subject: Re: successful anonymous login considering this was via dcom...was this machine completely patched and up to date before this event was logged? On Tue, 27 Jul 2004 12:12:53 -0700 "Jose Rivera" <jose () papugai com> wrote:
Good question. It's not like a name of a machine on my network. From research, I think it stands for host on demand. Why this comes up in this error tho, Im not sure. The ip is definitely from outside. -----Original Message----- From: Adam Tuliper [mailto:amt () gecko-software com] Sent: Tuesday, July 27, 2004 12:02 PM To: Jose Rivera; webappsec () securityfocus com Subject: Re: successful anonymous login NtLmSsp usually deals with DCOM logins. What workstation is HOD? On Tue, 27 Jul 2004 10:59:11 -0700 "Jose Rivera" <jose () papugai com> wrote:We recently migrated our web server into windows 2003. Not sure where this is coming from...but successfulloginfrom an anonymous user doesn't sound good? Please help or point in the right direction. Thanks Jose Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 7/27/2004 Time: 10:44:20 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: xxxxxx Description: Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x9BA1BD3) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: HOD Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 81.60.187.145 Source Port: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider. http://www.nni.com/
--------------------------------------------------------------------- Web mail provided by NuNet, Inc. The Premier National provider. http://www.nni.com/
Current thread:
- RE: successful anonymous login kquest (Jul 27)
- <Possible follow-ups>
- RE: successful anonymous login Yvan Boily (Jul 27)
- RE: successful anonymous login Yvan Boily (Jul 27)
- RE: successful anonymous login Jose Rivera (Jul 27)
- RE: successful anonymous login Brewis, Mark (Jul 28)
- RE: successful anonymous login Adam Tuliper (Jul 28)