General discussion

Locked

Anonymous Logoff Flooding

By mgrannis ·
Throughout the day, our Win2k and WinXP computers are constantly being hit by anonymous logoffs but no logons. We have all anonymous accounts turned off in Local Security Policies. We believe that it must be some sort of worm but after running Norton, McAfee, Panda and ViRobot anit-virus it has turned up nothing. We then ran SpyBot
thinking that it might be spyware, but it turned up clean. After running ZoneAlarm we have discovered that whatever is out there it attempting to access port 161,which is
the SNMP port, through an anonymous user account. We have also disabled all SNMP services to try and prevent this, but with no success. Anyone have any ideas or possibly have seen something like this before?

Mike Grannis
mgrannis@kpbs.org

Below I have attached a few of the security event logs.

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event I 538
Date: 7/14/2003
Time: 1:35:19 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: IT3
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon I (0x0,0x9D652)
Logon Type: 3

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event I 538
Date: 7/14/2003
Time: 1:27:27 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: IT3
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon I (0x0,0x9AD07)
Logon Type: 3

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event I 538
Date: 7/14/2003
Time: 1:25:21 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: IT3
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon I (0x0,0x999E8)Logon Type: 3

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to IT Employment Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums