Re: Security Question

No to both of them and the attacks came from an IP address in Korea. They
have stopped though. I guess he/she gave up because the password is too
complex.

--
Claus
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:uDZG95TBHHA.3380@xxxxxxxxxxxxxxxxxxxxxxx
This may not apply, but are there any ex-employees who knew the name? Or
perhaps an owner who bragged to a friend that no one could hack him?

Gregg Hill


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:ejsJS$PBHHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
kj,

Thanks for the additional comments. This client has Trend SCM running. It's
very unlikely that there is software on one of the user stations that
would do that. This has come from the outside. They also haven't gotten
in because the password is quite complex. But given that this was the
first time I came across this I was curious how they got the username in
the first place.

--
Claus
"kj" <kj@xxxxxxxxxxx> wrote in message
news:%23msZdRPBHHA.204@xxxxxxxxxxxxxxxxxxxxxxx
A simple ldap query will return the administrator account, but in Windows
2003 AD "anonymous" ldap queries aren't allowed. However, a logged in
user with no other special privileges can easily determine the name of
the Administrator account. While a typical user isn't going to know how
to do this (or care probably), spyware/malware or such could easily do
this under the user credentials. As Les said this "obscurity" measure
isn't a significant security layer for a determined intruder.

That said, I'm not aware of any spyware that has been found to do this,
but it is certainly possible.

--
/kj
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:%23hIktUOBHHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
SMTP tar pit feature for Microsoft Windows Server 2003

http://support.microsoft.com/kb/842851

Getting a valid email address is one thing; the planets would have to
be aligned with the stars for someone to get a valid username from an
AD harvest, but if the email address is <name>@domain.com and the user
account is <name>, then it's a no-brainer.

I see quite a few installs like this - I don't really like it but it's
because of defaults. Customizing user account and email address
generation is an obscurity measure, not effective against a black hat
but keeps the dabblers moving on.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and
I'll understand." - Confucius


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:uEgA%23KJBHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Les,

Can you elaborate a bit more on this?

--
Claus
"Les Connor [SBS Community Member - SBS MVP]"
<les.connor@xxxxxxxxxxxx> wrote in message
news:eMtbFTIBHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
From an AD harvest? If AD filter is on, this is one of the caveats -
hence the use of tarpitting for mitigation.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and
I'll understand." - Confucius


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:%23I2lDv0AHHA.144@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,

A first for me, so I would like to get some feedback from other
admins.

As a standard, we always change the Administrator account name to
something else. For the first time we had a break-in attempt at one
of our clients (SBS2003/ISA2004) that was using the correct renamed
admin account name. Now, the password is pretty complex but I still
don't like the fact that 50% of the safeguard is out there. Does
anybody have an idea how an outside hacker would be able to obtain
that username?

--
Claus
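
An audit for the case Les describes above, where the email address is <name>@domain.com and the user account is <name> (added example, not part of any post in this thread). It reads a directory export and lists accounts whose logon name is published as the local part of one of their SMTP addresses; the CSV layout, the function names and every sample value are constructed for illustration.

```python
import csv
import io

# Constructed sample in the shape of a directory export. The column names are
# real AD attributes; every value below is invented for this example.
SAMPLE_EXPORT = """sAMAccountName,mail,proxyAddresses,adminCount
srvmgr01,srvmgr01@example.com,SMTP:srvmgr01@example.com,1
jsmith,john.smith@example.com,SMTP:john.smith@example.com;smtp:jsmith@example.com,
mlee,mary.lee@example.com,SMTP:mary.lee@example.com,
backupop,,,1
"""

def smtp_addresses(row):
    """Collect every SMTP address on the account: mail plus proxyAddresses."""
    found = set()
    if row.get("mail"):
        found.add(row["mail"].strip().lower())
    for entry in (row.get("proxyAddresses") or "").split(";"):
        prefix, _, addr = entry.strip().partition(":")
        if prefix.lower() == "smtp" and addr:
            found.add(addr.lower())
    return sorted(found)

def exposed_logon_names(export_text):
    """Return (account, address, privileged) where the local part equals the logon name."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        account = row["sAMAccountName"].strip()
        privileged = (row.get("adminCount") or "").strip() == "1"
        for addr in smtp_addresses(row):
            local_part = addr.rsplit("@", 1)[0]
            if local_part == account.lower():
                findings.append((account, addr, privileged))
    # Privileged accounts first: those are the ones worth giving a different
    # mail alias, or no mailbox at all.
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for account, addr, privileged in exposed_logon_names(SAMPLE_EXPORT):
        tag = "PRIVILEGED" if privileged else "standard"
        print(f"{account:10} {addr:28} {tag}")
```

Secondary proxy addresses are checked as well as the primary one, since a secondary alias that matches the logon name is still a valid recipient.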














