security problems

  • Thread starter Thread starter token
  • Start date Start date
T

token

I've got a windows 2000 server which has an ip public, in
the security event log I can see diferents logon attempts
failures from users with domains not belonging to my
network. I think it's someone from internet trying to get
into my network, what I wonder is how they do to try to
log on into my network.
Thanks.
 
Yes it can be done with net commands and tools like Dumpsec can be used to
extract user, share and group info. To create a null session on a computer
you can use net use \\ipaddress\ipc$ "" /u:"" . After you have share and
user info you can use net use to try to connect to a share and guess a
password, with the juicy target being an administrative share. Since most do
not change the administrator name and it can not be locked out by default,
it is the top target. -- Steve

http://netsecurity.rutgers.edu/null_sessions.htm
http://www.somarsoft.com/
 
Back
Top