November 27th, 2002, 02:44 PM
ok, so i got windows xp on my laptop the other day just to see what it was like (good thing i didn't have to pay for it) and i'm lookin around, and if you go to control panel > performance > admin tool > comp management > system tools > event viewer > security you are then seeing a list of security audits in the right side. i noticed that some of them said anon logon. i right clicked and went to properties and it brought up a box with a bunch of info. now you'll probably have to see it for yourself but it was a bunch of gibberish to me. if anyone could take a look and tell me what they think, and why it was an anon logon, i'd appreciate it. i have gone to microsoft.com and other sites but none gave a satisfactory explanation of what it all meant. so if someone could i'd appreciate it. thanx a lot fellas
Don't be a bitch! Use Slackware.
November 27th, 2002, 02:51 PM
Why the heck did you post this two times? You must remember that when you mindlessly post a thread twice nobody will post twice as much info.... instead we will only dislike you and this thread twice as much as we normally would have.
Do this site.... its members.... and yourself a huge favor by deleting one of these threads that you keep spamming on the boards.
November 27th, 2002, 03:07 PM
Take it easy Specialist, he already said he screwed up on the other thread. He's a newbie and it will take him some time to figure out how to delete the first thread.
Now hatebreed2000, if you want us to look at something, you might want to post a screen shot, so we can see what the heck you're talking about.
November 27th, 2002, 04:20 PM
Sounds like u have the guest account turned on, just a guest though.
Every now and then, one of you won't annoy me.
November 28th, 2002, 08:01 AM
ok i deleted the other post, again i apologize. bludgeon, no i do not have the guest account turned on, i made sure that wasn't an option when i installed it and set my account up, thank you though for the suggestion.
Don't be a bitch! Use Slackware.
November 28th, 2002, 09:55 PM
When I was new I used to post in the wrong threads or have a lot of typos in my posts. Because of one or 2 posts it took me months just to get past the grey antipoint level.
I used to get at least 3 neg. per post yet I give this guy one neg. and all of a sudden I'm a bad guy? Well folks..... I gotta say I'm sorry.....
I'm sorry I'm wasting my ****ing time here.....
I'm sorry that I ever browsed this lame ass site....
I'm sorry that you losers are so soft that you all cower every time someone tosses a little flame....
I could care less anymore.... I joined here around the time of the "AP ALLIANCE" and I used to get at least 7 or 8 of the possible 1 neg. that this guy gets.
There is nothing for me to learn here.....
Hell, half of the people who neg.ed me are the same people yelling SEARCH GOOGLE MORON! and then bumping the threads so they can toss extra neg.
And besides, whatever happened to this being a security site? You guys got a senior member asking about phreaking WTF.... if that were a noobie you'd neg the hell outta 'em. I quit....
I just hope for all of your sakes that someone will step up and stop this place from becoming another BBS or Astalavista.com
I used to like this place because it was about security and it had a lot of cool people in it but now it has newbies who spam post!!!! **** this lame version of a usenet group!!!!!
P.S. **** you all.... I mean 1 neg. for him and then 8 neg for me WTF? Where the hell were you bitches when hundreds of other people got neg.ed for far less things like asking questions?
November 28th, 2002, 10:11 PM
i'm not off to such a good start at this place am i?
and much of madness, and more of sin, and horror the soul of plot. --Edgar Allan Poe
Don't be a bitch! Use Slackware.
November 29th, 2002, 04:56 AM
Why don't you just disable the anonymous login?
It has been posted several times, so just do a search on it. Also, you can use google.
December 26th, 2002, 08:26 PM
I hope that this article will be able to answer part of your question.
The ANONYMOUS Account
NT has a feature that lets anonymous users list domain usernames and all existing shares--whether they're hidden or not. These sessions are called null sessions. NT uses ANONYMOUS accounts for system-to-system communications, and listing user information. These accounts can be a potential security risk, as the RedButton program revealed. RedButton successfully attaches to a remote NT system using a null session and reveals sensitive information from the Registry. (For details about RedButton and other security exposures and defenses, see Mark Minasi, "NT Security Scares?" and John Meixner, "Foil Attacks on Your Registry," July 1997.)
Most people don't know about the built-in ANONYMOUS account--or how to use it. But if you're auditing security events and you open your Event Viewer to examine the security logs, you might find a few entries attributed to the anonymous user. These entries are very visible because the username clearly appears next to each security log entry. Security log entries related to anonymous access don't contain much interesting information unless you're a developer, but you can see that the account exists.
To address anonymous user access, SP3 adds the ability to disable it. SP3's new built-in group, Authenticated Users, works hand-in-hand with restricting anonymous user access. This group is similar to the Everyone group, except that anonymous users (or null session connections) never become members of the Authenticated Users group. Thus, you can assign permissions and rights to most users, while omitting the dangerous ANONYMOUS account.
In a single-domain model, NT can always list account information as needed; but in a multidomain model, you can run into some restrictions if you disable the ANONYMOUS account. (The following example is derived from Microsoft's Knowledge Base article on this subject.) Say you have two NT domains: one for accounts and one for resources. The resources domain has a one-way trust relationship with the accounts domain (i.e., resources trusts accounts, but accounts doesn't trust resources). Users from the accounts domain can use the one-way trust to authenticate and access the resources domain. But suppose a user in the resources domain wants to grant some type of access to a user in the accounts domain. To select which users to grant access to, the resources domain user needs to obtain a list of users and groups from the accounts domain. How? By using a null session connection with the ANONYMOUS account. You use a null session because the one-way trust prevents the resources domain user from being authenticated for access to the accounts domain. If you disable anonymous user access, this approach won't work. The resources domain user who is trying to grant an accounts domain user privileges must proceed in one of two ways: either manually enter the known domain/username combination, or use an account from the trusted accounts domain to log on to the resources domain.
This new feature lets administrators allow only authenticated users to list account names and exclude anonymous connections. On the surface, this new feature sounds like it could hinder your ability to easily administer your domains. However, you have to consider the added security control this feature brings (to learn how to implement this functionality, see "Anonymous User Restrictions").
Multidomain NT shops can restrict anonymous connections without much loss of functionality, but plan in advance and take the proper steps before enabling this feature. In the resources domain and accounts domain example, before you enable this feature, add members of the trusted accounts domain to specific local groups. Then users logged on using accounts from the trusted accounts domain can continue to use authenticated connections to obtain a list of account names to manage security access control.
December 26th, 2002, 11:17 PM
Yes, the anonymous connection is the bane of anyone who looks at the Windows security logs. Windows allows anonymous connections by default, and it doesn't give you a real easy way of shutting them off.
Like the excellent article Meerkat posted, using the Authenticated Users group instead of the Everyone group is a good step. Check your shared folders and tweak the ACLs as needed.
You can also open up the Local Security Policy MMC snap-in on your machine, and go to Security Settings -> Local Policies -> Security Options. There is a value called "Additional Restrictions for Anonymous Connections". This is set to 0 by default, which allows anonymous SAM enumeration; change it to 2.
Also, the command prompt syntax to establish an anonymous connection is real easy:
NET USE \\REMOTEMACHINE\IPC$ "" /U:""
And there are a lot of tools out there that set up anonymous connections to get info (stuff like NBTEnum).
I suggest you get a firewall soon, if you are already seeing connection attempts.
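Added example, not part of the thread and not any poster's code: a small triage script for the Security-log entries the thread discusses. It parses event descriptions copied out of Event Viewer and counts anonymous network logons per source workstation. The sample events and their "Name: value" layout are constructed for illustration, and treating a blank user name on a type 3 logon as anonymous is an assumption.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): event descriptions in a
# "Name: value" layout, one event per blank-line-separated block.
SAMPLE_EVENTS = """\
Successful Network Logon:
    User Name:
    Logon Type: 3
    Workstation Name: LAB-PC7

Successful Logon:
    User Name: alice
    Logon Type: 2
    Workstation Name: LAPTOP

Successful Network Logon:
    User Name: ANONYMOUS LOGON
    Logon Type: 3
    Workstation Name: LAB-PC7

Successful Network Logon:
    User Name:
    Logon Type: 3
    Workstation Name:
"""

FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?)[ \t]*:[ \t]*(.*?)[ \t]*$", re.M)

def parse_event(text):
    """Turn one event description into a {field name: value} dict."""
    return dict(FIELD.findall(text))

def is_null_session(event):
    # Assumption: a null session appears as a network logon (Logon Type 3)
    # whose user name is blank or ANONYMOUS LOGON.
    user = event.get("User Name", "").upper()
    return event.get("Logon Type") == "3" and user in ("", "ANONYMOUS LOGON")

def null_sessions_by_source(log_text):
    """Count anonymous network logons per originating workstation."""
    blocks = re.split(r"\n[ \t]*\n", log_text.strip())
    events = [parse_event(block) for block in blocks]
    return Counter(e.get("Workstation Name") or "(unknown)"
                   for e in events if is_null_session(e))

if __name__ == "__main__":
    for source, count in null_sessions_by_source(SAMPLE_EVENTS).most_common():
        print(f"{source}: {count} anonymous network logon(s)")
```

A workstation name that keeps recurring here and is not one of your own machines is the entry worth following up before and after tightening the anonymous-access setting.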