I don't know about the best way, but one way to make this hard to do would
be to create new accounts to do the jobs of I_USE and I_WAM.  Only someone
who knows the names would then be able to carry out this attack.

There's also no reason the NT name of your machine (as part of the I_USE
name) should be public knowledge; maybe NetBIOS is not properly blocked at
the firewall/router?



-----Original Message-----
From: Brian L. Wolfsohn [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 03, 2000 1:09 PM
To: CF-Talk
Subject: OT: Security issue


Last night, one of our machines was "hacked". We're looking into how, but
what we've been able to discover so far is that the I_USE and I_WAM
accounts were locked out, so all the websites were, in effect, useless at
that point.

It was explained to me that the I_USE and I_WAM accounts could have been
locked out through the web when someone tried to access a protected
directory and got the basic Windows username & password box. If
I_USR_MACHINENAME is entered with an incorrect password n times, the
account would get locked out. Same for I_WAM.

While I understand about accounts being locked out, it doesn't make sense
to me that I haven't heard about this before. It would seem to be a major
security issue if someone could use a browser to access a protected
directory, or even easier, use FTP to try and access the domain, and put in
I_USR_ETC as the user and lock the account out by entering bad passwords
that way.


Have any of you experienced this? Does this make any sense? Does
anyone have any suggestions about how best to prevent this?

This seems like a very easy and major, albeit easy to fix (nothing else
appeared to have been compromised except these 2 accounts) and with minimal
damage, security problem.
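The two points the thread raises, replayed against constructed data as an added example (this is not code from the original posters, and no real log lines from their machine are used): bad-password failures against the IIS anonymous and out-of-process accounts reach the lockout threshold and take the sites down, and the default IUSR_/IWAM_ names give away the NetBIOS machine name, which is why the reply suggests renaming them. The lockout threshold, the counter-reset window, the machine name WEB01, the source addresses and the record layout are all assumptions; the script shows the detection check a practitioner would run over normalised failed-logon records, not any particular Windows event format.

```python
"""Replay failed-logon records against an NT-style lockout policy and flag
IIS service-account lockouts and name disclosure.  Added example with
constructed input; lockout policy values and host name are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed records: date time target-account source-host service.
# Five quick FTP failures against IUSR_WEB01, five Basic-auth failures against
# IWAM_WEB01, and two widely spaced failures for an ordinary user.
SAMPLE_EVENTS = """\
2000-11-02 23:58:01 IUSR_WEB01 203.0.113.7 ftp
2000-11-02 23:58:02 IUSR_WEB01 203.0.113.7 ftp
2000-11-02 23:58:03 IUSR_WEB01 203.0.113.7 ftp
2000-11-02 23:58:04 IUSR_WEB01 203.0.113.7 ftp
2000-11-02 23:58:05 IUSR_WEB01 203.0.113.7 ftp
2000-11-02 23:58:20 IWAM_WEB01 203.0.113.7 http-basic
2000-11-02 23:58:21 IWAM_WEB01 203.0.113.7 http-basic
2000-11-02 23:58:22 IWAM_WEB01 203.0.113.7 http-basic
2000-11-02 23:58:23 IWAM_WEB01 203.0.113.7 http-basic
2000-11-02 23:58:24 IWAM_WEB01 203.0.113.7 http-basic
2000-11-03 00:10:00 bwolfsohn 198.51.100.9 http-basic
2000-11-03 00:40:00 bwolfsohn 198.51.100.9 http-basic
"""

# Assumed account-lockout policy (site specific on a real NT box).
LOCKOUT_THRESHOLD = 5                   # bad passwords before lockout
RESET_WINDOW = timedelta(minutes=30)    # quiet time that resets the counter
IIS_PREFIXES = ("IUSR_", "IWAM_")       # IIS default service-account prefixes


@dataclass
class Lockout:
    account: str
    locked_at: datetime
    sources: set = field(default_factory=set)
    services: set = field(default_factory=set)


def parse_events(text):
    """Turn the records into sorted (timestamp, account, source, service) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, account, source, service = line.split()
        events.append((datetime.fromisoformat(f"{date} {time}"), account, source, service))
    return sorted(events)


def find_lockouts(events, threshold=LOCKOUT_THRESHOLD, window=RESET_WINDOW):
    """Return {account: Lockout} for every account the policy would lock.

    The bad-password counter resets once more than `window` passes with no
    further failure; reaching `threshold` before that locks the account.
    """
    state, locked = {}, {}
    for ts, account, source, service in events:
        count, last_ts, sources, services = state.get(account, (0, None, set(), set()))
        if last_ts is not None and ts - last_ts > window:
            count, sources, services = 0, set(), set()
        count += 1
        sources.add(source)
        services.add(service)
        state[account] = (count, ts, sources, services)
        if count >= threshold and account not in locked:
            locked[account] = Lockout(account, ts, set(sources), set(services))
    return locked


def is_iis_service_account(name):
    """True for the IIS anonymous (IUSR_) and out-of-process (IWAM_) accounts."""
    return name.upper().startswith(IIS_PREFIXES)


def discloses_machine_name(name, machine_name):
    """True when the account still carries the default <prefix>_<NetBIOS name>."""
    if not is_iis_service_account(name):
        return False
    return name.split("_", 1)[1].upper() == machine_name.upper()


def report(events, machine_name, threshold=LOCKOUT_THRESHOLD, window=RESET_WINDOW):
    """Findings: service-account lockouts (a web outage) and default names that
    leak the host name.  Returned as plain strings, one per finding."""
    findings = []
    for acct, lk in find_lockouts(events, threshold, window).items():
        severity = "outage" if is_iis_service_account(acct) else "lockout"
        findings.append(
            f"{severity}: {acct} locked at {lk.locked_at:%Y-%m-%d %H:%M:%S} "
            f"via {','.join(sorted(lk.services))} from {','.join(sorted(lk.sources))}")
    for acct in sorted({e[1] for e in events}):
        if discloses_machine_name(acct, machine_name):
            findings.append(f"disclosure: {acct} reveals NetBIOS name {machine_name}; rename it")
    return findings


if __name__ == "__main__":
    for line in report(parse_events(SAMPLE_EVENTS), machine_name="WEB01"):
        print(line)
```

Run as-is it reports both service accounts locked from the same source within seconds, which is the outage described in the post, and flags both names as disclosing WEB01; the ordinary user's two failures half an hour apart never cross the threshold. Renaming the accounts to something unguessable makes `discloses_machine_name` return False, which is exactly the reply's mitigation.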


------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
