Why are my win2000 user names on available to the public?

Discussion in 'Security Software' started by Rob, Jul 6, 2003.

  1. Rob

    Rob Guest

    I would like an answer to this question because by
    default This should not be public information so how can
    this be done through say IUSER accounts because I have
    seen such behavior recently. I do not believe the system
    has been really breached yet but I am upset no-one knows
    or posts any solution to the dilema or peaking at the
    list of users on a PC. Is there no way to disable such
    peaking and why didn't microsoft come up with a tweak to
    deal with the problem at all???

    It makes no sense. I see security logs showing that
    whoever is attempting privileged user entry is using real
    user names they should not know about. Why are they able
    to get this information from IUSR account. Why aren't
    there better login lockdowns available here???
     
    Rob, Jul 6, 2003
    #1
    1. Advertisements

  2. Rob

    Robert Moir Guest

    Are your network usernames and your email addresses exactly the same
    perhaps?
    What makes you so sure they are using the IUSR account to get this
    information?
    There are good tools out there. Lanwench details a few good ones.
     
    Robert Moir, Jul 6, 2003
    #2
    1. Advertisements

  3. Rob

    xe560 Guest

    there are enumeration techniques to list the user names on
    a machine with unpatched or badly configured NTLM
    responses and or open NetBios ports.

    can your netbios ports be reached from the internet?

    is this thing behind a firewall?

    try running "netstat -an" to see what ports are listening
    and investigate the ones that shouldn't be there. is it a
    trojan?

    are the default mappings for the various extensions in IIS
    deleted? you know like disabling .printer files, .ida
    files, .cert--> certificate server???

    good luck.
     
    xe560, Jul 6, 2003
    #3
  4. Rob

    Skywing Guest

    Have you run the Microsoft Baseline Security Analyzer yet? It should pick
    up on the following automatically...

    These are some steps you can take which I think will solve your problem once
    and for all (instead of just covering it up with a firewall):

    For Windows 2000: Go into Local Security Policy in Administrative Tools. Go
    to Security Options and set "Additional restrictions for anonymous
    connections" to "No access without explicit anonymous permissions".

    For Windows Server 2003, there is another setting in Local Security
    Policy -> Security Options: "Network access: Do not allow anonymous
    enumeration of SAM accounts."; enable this.
     
    Skywing, Jul 6, 2003
    #4
  5. Get your machine off the internet until you learn how to secure it. Start by buying a good firewall product or if you
    have at least XP turn on the built in firewall.
     
    Joe Richards [MVP], Jul 13, 2003
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.