Educause Security Discussion mailing list archives
Re: Domain Controller Attacks
From: "Hoffman, Michael" <mhoffman () SBU EDU>
Date: Fri, 14 Oct 2005 11:41:43 -0400
We have seen this in the past, and it has always been a virus. We used netmon on our domain controllers to determine the IP addresses of the requests, and then cleaned the infected machines. Michael S. Hoffman Executive Director for Information Technology St. Bonaventure University mhoffman () sbu edu 716-375-2530 http://www.sbu.edu -----Original Message----- From: Wayne Bullock [mailto:wayne () FAU EDU] Sent: Friday, October 14, 2005 10:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Domain Controller Attacks Our Systems group that runs our Microsoft domain controllers are complaining about automated attacks that systematically attempt to breakin into accounts. Their main concern is that accounts become blocked after 3 attempts. So, this is felt by users as a DoS. The legitimate users can't authenticate. Working with Security they believe thinks it's some type of virus that appears to be going around on student's machines. Is anyone else seeing this? Wayne Bullock Associate Director, Network Services Florida Atlantic University
Current thread:
- Domain Controller Attacks Wayne Bullock (Oct 14)
- <Possible follow-ups>
- Re: Domain Controller Attacks Dave Monnier, IT Security Office, Indiana University (Oct 14)
- Re: Domain Controller Attacks Hoffman, Michael (Oct 14)
- Re: Domain Controller Attacks Beechey, Jim (Oct 14)
- Re: Domain Controller Attacks H. Morrow Long (Oct 14)
- Re: Domain Controller Attacks Wayne J. Hauber (Oct 14)
- Re: Domain Controller Attacks David Taylor (Oct 14)
- Re: Domain Controller Attacks Wayne Bullock (Oct 14)
- Re: Domain Controller Attacks Bowden, Zeb (Oct 14)
- Re: Domain Controller Attacks Wayne Bullock (Oct 14)
- Re: Domain Controller Attacks Jeff Kell (Oct 14)
- Re: Domain Controller Attacks Wayne Bullock (Oct 14)