Keep in mind that with the RestrictAnonymous value set, SMS will not be able to detect the OS of discovered computers.
> _____________________________________________
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Marcus Oh
> Sent: Sunday, November 02, 2003 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] RestrictAnonymous Settings
>
> This has been a long week. We finally made the RestrictAnonymous=1
> setting this weekend to combat what looked like "Gaobot" infections
> locking out thousands of accounts. Gave the PDCe a good run for the money
> with all the lock/unlock activity going on.
>
> The odd thing is, shortly after we put the settings in place and bounced
> all the domain controllers, it still happened. The bottom line being, a
> two fold situation. One, an infection of sdbot, causing lockouts... the
> other we discovered on a sniff of one of the DCs showing ridiculously high
> # of packets originating from one machine. Finally in the clear for
> now...
>
> Problem is, any script written to enumerate objects w/ a normal or
> logged-on user account and attempt a dictionary list of passwords is going
> to cause this same problem. Any of you guys have lockout policies in
> place... and if so... what steps have you taken to mitigate these lockout
> storms?
>
> Thanks!
>
> Marcus
