NT Authority\Anonymous Login - Windows NT

This is a discussion on NT Authority\Anonymous Login - Windows NT ; I am running MS Window server 2003 Standard Ed. I am getting a lot of Anonymous Login in the event queue from unknow IP addresses. Here is an example of info from one of the events. Successful Network Logon: User ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: NT Authority\Anonymous Login

  1. NT Authority\Anonymous Login

    I am running MS Window server 2003 Standard Ed.

    I am getting a lot of Anonymous Login in the event queue from unknow IP
    addresses.

    Here is an example of info from one of the events.



    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x277091E)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: SERVER
    Logon GUID: -
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: 217.164.254.123
    Source Port: 0

    We do not have an anonymous account to the best of my knowledge at least I
    did not create one.

    I only have three users set. We are not on a domain. We only have the
    workgroup name set.

    Pretty basic setup.

    MS is great about start a lot of stuff and leaving it to the users to take
    stuff out.

    I have googled the web for help. I have searched MS support pages and looked
    in some MS Server books but cannot find anything to any insight into what is
    going on.

    Can someone tell me what I need to do to stop this.

    Thanks

    Robert



  2. Re: NT Authority\Anonymous Login

    Set up a sniffer and log the traffic. Might be one of your own. Check the
    firewall logs too.

    --
    Regards
    Peter Akerstrom
    Network & Communication

    "Robert McGraw" wrote in message
    news:bqqotc$pm6$1@mozo.cc.purdue.edu...
    > I am running MS Window server 2003 Standard Ed.
    >
    > I am getting a lot of Anonymous Login in the event queue from unknow IP
    > addresses.
    >
    > Here is an example of info from one of the events.
    >
    >
    >
    > Successful Network Logon:
    > User Name:
    > Domain:
    > Logon ID: (0x0,0x277091E)
    > Logon Type: 3
    > Logon Process: NtLmSsp
    > Authentication Package: NTLM
    > Workstation Name: SERVER
    > Logon GUID: -
    > Caller User Name: -
    > Caller Domain: -
    > Caller Logon ID: -
    > Caller Process ID: -
    > Transited Services: -
    > Source Network Address: 217.164.254.123
    > Source Port: 0
    >
    > We do not have an anonymous account to the best of my knowledge at least I
    > did not create one.
    >
    > I only have three users set. We are not on a domain. We only have the
    > workgroup name set.
    >
    > Pretty basic setup.
    >
    > MS is great about start a lot of stuff and leaving it to the users to take
    > stuff out.
    >
    > I have googled the web for help. I have searched MS support pages and

    looked
    > in some MS Server books but cannot find anything to any insight into what

    is
    > going on.
    >
    > Can someone tell me what I need to do to stop this.
    >
    > Thanks
    >
    > Robert
    >
    >




+ Reply to Thread