RE: more info on a hopefully unsuccessful compromise

From: Dial Joe (joe.dialat_private)
Date: Mon Jul 14 2003 - 10:23:23 PDT


    Hi Herman,
    I'll jump in on renaming the administrator account.
    First, my disclaimer: I am not a (full-time) Windows Administrator and I don't even have an MCSE, but I have been told that renaming the Administrator account is of little value (well, actually the MCSE that told me said *no* value) since the Security ID for the Administrator account is a well-known value, and this is what hacking/cracking attempts use instead of the user name.  My (so-called) expert said that an NT/2K/XP script kiddie could connect to the machine and exploit it without even knowing that the Administrator account was renamed.  I (personally) usually rename it, then create a disabled guest account called administrator, just in case someone gets physical access to the machine and wants to *let their fingers do the walking*...
    
    If anyone on this list can confirm or deny the value of renaming the Administrator account with more info than just *somebody who has been right before told me* then I would love for them to enlighten me.
    
    Thanks,
    Joe Dial
    
    
    -----Original Message-----
    From: Herman Sheremetyev [mailto:hermanat_private] 
    Sent: Sunday, July 13, 2003 5:16 PM
    
    A moron?  Why would you even say that?  Oh right, you're the pro and
    he's the luser....And would you please enlighten everyone what exactly
    is wrong with renaming the Administrator account?  Again, I don't use or
    even like Windows but I've had to admin Win2k boxes in my day and can
    tell you that renaming the Administrator account is actually a good
    idea.  It's the only account Windows won't let you set a timeout on so
    it's usually a safe bet for brute-forcing the password over the network.
    However, if "some moron" renames it, you're going to be brute-forcing a
    non-existent account, or better yet a non-priv'd dummy one.
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 13:12:37 PDT