I know the Nessus security scanner and others say to disable anonymous NULL connections. 0x1 is what I use at AOL. Also it is the default on Windows XP. Try setting it to 0x1 which is a middle of the road setting and see if it fixes your problem. It really should not break anything at that setting.
-Josh > From: "Katie La Salle-Lowery" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 13 Jun 2003 18:23:05 -0600 > To: <[EMAIL PROTECTED]> > Subject: RE: [IMail Forum] OT; user accounts getting locked out en masse; > process is ksecdd > > We found reference to this in a few different places as well. We don't > know if any other services are using null sessions so we don't know if > we can disable it. We say something that mentioned it being used for > server->server communication. > > ~Katie > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Joshua > Levitsky > Sent: Friday, June 13, 2003 6:12 PM > To: [EMAIL PROTECTED] > Subject: Re: [IMail Forum] OT; user accounts getting locked out en > masse; process is ksecdd > > > > >> From: "Katie La Salle-Lowery" <[EMAIL PROTECTED]> >> Reply-To: [EMAIL PROTECTED] >> Date: Fri, 13 Jun 2003 17:33:03 -0600 >> To: <[EMAIL PROTECTED]> >> Subject: [IMail Forum] OT; user accounts getting locked out en masse; > >> process is ksecdd >> >> Just cuz you're such an broadly experienced group I'm going to pose my > >> problem of the day: >> >> My User Accounts (Windows network) are getting locked out en masse. >> Event viewer shows failed login attempts using process ksecdd. >> >> I'm Googling my little heart out but if anyone in this knowledgable >> group has any insight, I'd be in their debt. > > > http://archives.neohapsis.com/archives/firewalls/2001-q1/0248.html > > http://www.tek-tips.com/gpviewthread.cfm/qid/418282/pid/55/lev2/3/lev3/1 > 9 > > Some people think that it is a NULL session attack. If you scan your box > with Nessus you'll know if your box accepts NULL sessions. (By default > all windows NT / 2k boxes do.) > > Some people say that if you disable NULL sessions it will stop. > > Depending on the services your systems are required to provide, it may > be possible for you to restrict or disable anonymous null sessions on > your Windows 2000 hosts. This can be done through the > > HKLM\SYSTEM\CurrentControlSet\Control\LSA key with the following > parameters: > > Value: RestrictAnonymous > Value Type: REG_DWORD > Value Data: 0x1 or 0x2 (Hex) > According to Microsoft Knowledge Base Article Q246261 , this key can > take on the following values: > > 0x0 = None. Rely on default permissions > 0x1 = Do not allow enumeration of SAM accounts and names > 0x2 = No access without explicit anonymous permissions > > Windows XP sets the RestrictAnonymousSam key to 0x1 by default. > > -Josh > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
