Still searching....I can see how I can disable default *nix logins but not
Windows.
We have changed our server Administrator to an alternative name but I don't
want to lock out 300 local workstation administrators.
Can someone throw me a bone? I'm stuck.
----Original Message Follows----
From: "net sec" <netsec9@hotmail.com>
To: nessus@list.nessus.org
Subject: SMB credentials and Administrator lockouts
Date: Tue, 23 Aug 2005 02:22:22 +0000
I am running scans on a primarily Windows 2000/2003 subnet using my own
credentials (NOT Administrator) as provided in the SMB login section of the
client(both GTK and NessusWX). Despite having supplied credentials, I am
continuously locking out all Administrator(local and Domain) accounts on all
the devices I target. We restrict users to 5 failed password attempts
before locking out the account per domain policy.
After doing some additional digging via Windows Event Logs and tcpdump, it
is apparent that nessus is attempting to do an authentication using the name
'administrator' despite the supplied SMB credentials. It appears (from
event logs) that nessus attempts 'administrator, nessus..random_number,
supplied SMB credentials.
Below is output from the event log of a targeted system in chronological
order:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Logon Failure:
Reason: Unknown user name or bad password
User Name: nessus48095321612101650981206322540
Successful Network Logon:
User Name: SMBlogin
Domain: SMBDomain
Why is this, can I turn it off, anyone else run into this?
My Admins are NOT happy with me!
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
