[Dshield] User Account Locked.

Danny danny at eboundary.com
Tue Mar 25 21:18:11 GMT 2003

Are you/they blocking NetBIOS at your border either with a firewall or
router ACL's? 

If you are allowing NetBIOS to hit your domain controllers then chances
are the domains your seeing this problem with are in the process of
being brute forced. Basically the attacker grabs a list of all the users
in your domain and starts hammering away at passwords until they get the
account password.

Network Security Engineer

|->-----Original Message-----
|->From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
|->Behalf Of Pablo Vittori
|->Sent: Tuesday, March 25, 2003 1:33 PM
|->To: list at dshield.org
|->Subject: [Dshield] User Account Locked.
|->Importance: High
|->We are an IT Consulting Firm in Argentina, since 2 or 3 weeks ago we
|->experiencing an increment of the attempts to attack the networks in
|->Today 2 of them, one with 15 users and other with more than 120 user,
|->are having the same issue, all the account of the domain of Windows
NT 4
|->have been locked. When our technician correct the account and unlock,
|->or 15 minutes later the problem is again. After several resets and
|->the problem disapear but we don't know how to correct this or the
|->of the problem.
|->In this two cases we are also using Microsoft Exchange Server 5.5.
|->Anyone hear something about a backdoor or bug over this configuration
|->and this effects.
|->We update daily with all the service packs and patches.
|->Pablo Vittori
|->Desarrollos del Sur - Argentina
|->list mailing list
|->list at dshield.org
|->To change your subscription options (or unsubscribe), see:

More information about the list mailing list