Hmmm...
Interesting post. I tried something along similar lines, and User Manager
tells me that the Administrator account WAS locked out.
However, your message may have just led to the uncovering of another
potential security hole in a Windows NT. Time to have another chat with the
MS security guys...
Brian Steele
> -----Original Message-----
> From: Markus D�hr [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 09, 1999 7:17 AM
> To: 'Brian Steele'; [EMAIL PROTECTED]
> Subject: RE: Why not NT?
> Importance: High
>
>
> > Care to elaborate on this "buggy and insecure" RPC thingy?
> >
> > I thought the security problems with RPC were hotfixed ages ago.
>
> try a
>
> net use \\servername\ipc$ "" /user:""
>
> and you'll get a NULL-connect to your server.
>
> Then use NAT.EXE to guess passwords.
>
> This will work on NT 4.0 SP4. Because the administrator account never gets
> locked due to wrong logons, your can go on and on and on...
>
> Just one of them...
>
>
> --
> Markus Doehr
> IT Admin
> AUBI Baubeschl�ge GmbH
> Tel.: +49 6503 917 152
> Fax : +49 6503 917 190
> e-Mail: [EMAIL PROTECTED]
> MD1139-RIPE
> *************************
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
