Network Security: Detailed info on FW: SMB credentials and Administrator lockouts

Subject:	FW: SMB credentials and Administrator lockouts
Date:	Tue, 23 Aug 2005 15:10:54 -0700

Just out of curiosity are you putting in your actual username? 

For example: localmachinename or domainuser 


If you're logging in from a network onto a system you normally have to
add the localmachinename\localmachineusername or Domainname\domainuser
if you want to log into a machine. I'm just trying to throw a bone maybe
it will help you, maybe you've already tried it. Thanks.


So try:      Localmachinename\localmachineusername or
Domainname\domainuser

 
Scott Champine
Lan Tech II
Peoria Unified School District
"Make things as simple as possible, but no simpler."  - Albert Einstein

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of net sec
Sent: Tuesday, August 23, 2005 2:47 PM
To: nessus@list.nessus.org
Subject: RE: SMB credentials and Administrator lockouts

Still searching....I can see how I can disable default *nix logins but
not 
Windows.

We have changed our server Administrator to an alternative name but I
don't 
want to lock out 300 local workstation administrators.

Can someone throw me a bone?  I'm stuck.


----Original Message Follows----
From: "net sec" <netsec9@hotmail.com>
To: nessus@list.nessus.org
Subject: SMB credentials and Administrator lockouts
Date: Tue, 23 Aug 2005 02:22:22 +0000

I am running scans on a primarily Windows 2000/2003 subnet using my own 
credentials (NOT Administrator) as provided in the SMB login section of
the 
client(both GTK and NessusWX).  Despite having supplied credentials, I
am 
continuously locking out all Administrator(local and Domain) accounts on
all 
the devices I target.  We restrict users to 5 failed password attempts 
before locking out the account per domain policy.

After doing some additional digging via Windows Event Logs and tcpdump,
it 
is apparent that nessus is attempting to do an authentication using the
name 
'administrator' despite the supplied SMB credentials.  It appears (from 
event logs) that nessus attempts 'administrator, nessus..random_number, 
supplied SMB credentials.

Below is output from the event log of a targeted system in chronological

order:

Logon Failure:
        Reason:         Unknown user name or bad password
        User Name:      administrator

Logon Failure:
        Reason:         Unknown user name or bad password
        User Name:      nessus48095321612101650981206322540

Successful Network Logon:
        User Name:      SMBlogin
        Domain:         SMBDomain

Why is this, can I turn it off, anyone else run into this?

My Admins are NOT happy with me!


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
SMB credentials and Administrator lockouts, net sec RE: SMB credentials and Administrator lockouts, net sec FW: SMB credentials and Administrator lockouts, Scott Champine <= RE: FW: SMB credentials and Administrator lockouts, net sec Message not available FW: SMB credentials and Administrator lockouts, Danesh RE: FW: SMB credentials and Administrator lockouts, net sec Re: FW: SMB credentials and Administrator lockouts, Danesh

Previous by Date:	RE: SMB credentials and Administrator lockouts, net sec
Next by Date:	RE: FW: SMB credentials and Administrator lockouts, net sec
Previous by Thread:	RE: SMB credentials and Administrator lockouts, net sec
Next by Thread:	RE: FW: SMB credentials and Administrator lockouts, net sec
Indexes:	[Date] [Thread] [Top] [All Lists]