Security Basics mailing list archives
RE: Locked out local admin accounts...
From: "Michael Shirk" <shirkdog () cryptomail org>
Date: Thu Aug 12 13:40:41 EDT 2004
Well, administrator accounts being locked out on local machines would be Assumed to be a virus. However, you need to setup AUDIT LOGS, to monitor connection attempts and get a network sniffer to to see what is going on with these machines and who is connecting. Google the following: NT Security Windows 2000 Security Snort Ethereal WinPCAP windump Shirkdog -----Original Message----- From: RMurphy () irvinecompany com [mailto:RMurphy () irvinecompany com] Sent: Wednesday, August 11, 2004 6:22 PM To: security-basics () securityfocus com Subject: Locked out local admin accounts... Importance: Low In our environment today, local administrator accounts on workstations and servers have been getting locked out at an alarming rate. Nothing crazy is standing out on the IDS, and the security logs on the machines that are having the administrator account locked out aren't showing any login attempts. What could be going on here? We're a Win2000 environment, and domain accounts seem to be unaffected, it's only the local administrator accounts that are getting locked. This is very bizarre. Thanks for your help, Ryan Murphy ============================= Notice to recipient: This e-mail is meant for only the intended recipient of the transmission, and may be a confidential communication or a communication privileged by law. If you received this e-mail in error, any review, use, dissemination, distribution, or copying of this e-mail is strictly prohibited. Please notify us immediately of the error by return e-mail and please delete this message from your system. Thank you in advance for your cooperation. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- !+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+ CryptoMail provides free end-to-end message encryption. http://www.cryptomail.org/ Ensure your right to privacy. Traditional email messages are not secure. They are sent as clear-text and thus are readable by anyone with the motivation to acquire a copy. !+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+ --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Locked out local admin accounts... Ryan Murphy (Aug 12)
- Re: Locked out local admin accounts... Miles Stevenson (Aug 13)
- Re: Locked out local admin accounts... Paul Kurczaba (Aug 13)
- Re: Locked out local admin accounts... p4ck3t_5t0rM (Aug 13)
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Ed Spencer (Aug 13)
- Re: Locked out local admin accounts... Kazumi Amano (Aug 13)
- <Possible follow-ups>
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Michael Shirk (Aug 13)