Solved

NtLmSsp and NTLM Security Problem on Windows 2003 Standard Edition

Posted on 2004-05-02
5
3,006 Views
Last Modified: 2013-12-04
Hello
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            5/2/2004
Time:            9:56:27 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Successful Network Logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x1AE5F4)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SRV001
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      xxx.xxx.xxx.xxx
       Source Port:      0
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            5/2/2004
Time:            9:56:17 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
User Logoff:
       User Name:      ANONYMOUS LOGON
       Domain:            NT AUTHORITY
       Logon ID:            (0x0,0x234913)
       Logon Type:      3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      627
Date:            5/2/2004
Time:            10:12:40 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Change Password Attempt:
       Target Account Name:      Admin123
       Target Domain:      NS9
       Target Account ID:      NS9\Admin123
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      (0x0,0x3E6)
       Privileges:      -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


what is problem that Anonymous User can change Administrator password?!!!

- karaji
0
Comment
Question by:karaji
5 Comments
 
LVL 2

Expert Comment

by:VRAGHAVANS
ID: 10974615
Nothing to worry
Check this URL

http://is-it-true.org/nt/atips/atips155.shtml
Venkat
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10976711
Well - maybe there is something to worry about !

Are your friends computername NS9 ???

If not, then it could be an unknown user/computer that's doing a real logon
http://www.eventid.net/display.asp?eventid=540&eventno=9&source=Security&phase=1

If so, you should protect yourself from keyloggers ...

Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question