Results 1 to 6 of 6

Thread: Anonymouse Logins

  1. #1
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003

    Anonymous Logins

    Hey All, perhaps I haven't had enough coffee yet but I have some of these in my event log. They started a few nights ago and I just caught them today. Always at night so that in itself is malicious since they are after 5 and before 8 am, outside of working hours. I wouldn't be posting except I do not have the built in Guest and Anonymous type account enabled and I am NOT running IIS as this is a domain controller for Active Directory, platform: Windows Server 2k, mixed mode with no additional proggies loaded. Thought I would open up some suggestions while I look at it. Sometime I miss the obvious in the normal storm of day to day IT.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 538
    Date: 10/21/2004
    Time: 6:10:24 PM
    Computer: SERVER
    User Logoff:
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x93B47D7)
    Logon Type: 3

    WTF is this? //EDIT I know that's not a lot of info. Just tossing it our in case someone can tell by experience.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    I know you can see these if you have a network share being disconnected and reconnected due to a bad NIC or switchport or similar problem. Also power management may turn off a NIC only to turn it back on (on demand) through the night...Is a network application running that might do this?

    Just a few guesses..


  3. #3
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002



    Very interesting , I would presume it's some sort of application (like exchange 2000 ) that uses the anonymous account , as talked about in this article :

    Event 538

    It also talks about tightening the security some more for the anonymous account but this has some consequences .

    the logon type 3 means : Network logon - network mapping (net use/net view) so this could also be used by an application I would think.

    This Microsoft article also talks about event ID 538.

    If I find anything else I'll let you know ...

    I know it's all abit vage but , then again it's a vage subject

    Back when I was a boy, we carved our own IC's out of wood.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    IIRC, the "Anonymous" login/logoff is the System itself for items it has to do. Microsoft has some info. These Knowledge Base articles -- Part 1 and Part 2 -- might also help.

    Although at first I thought you were having a huge rodent problem (based on the title).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    I was concerned by those a year or three ago and dug into them.... It's a system issue and you don't need to worry about... I just don't remember the details....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    The more I looked the less concerned I became. It is noteworthy that they are happening at night so I'll dig a little more for fun. On a side thanks for the articles and time. I might put a packet sniffer off the nic just to see if anything funny is going on. Cheers.

    \\EDIT Rodents? Ah yes "mouse" lol I tried to change it but it was too late. Any Mouse will do. Or in this case and anonymous Mouse.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts