Event Error Logs with Event ID 538 and 540

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I saw some logs in my Boss XP machine with SP2.
Some notable logs in Security were Event ID 538 and 540

Category : Logon/Logoff
User: NT AUTHORITY\ANONYMOUS LOGON
Source:Security
Type: Success/Audit

what is the best explanation for this? He is thinking that there is an
anonymous logging remotely to his machine?

Thank you

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Those are called "null sessions" and are common on Windows computers that
use file and print sharing and have netbios over tcp/ip enabled. They do not
mean that the computer has been hacked. Unexplained logons for users at
strange hours or a lot of failed logon events could indicate attempts of an
attack. Follow best security procedures such as keeping computer current
with critical security updates, use an antivirus that is kept current and
scans all emails, the use of hard to guess passwords, and a firewall at
least at the perimeter will go a long way to preventing compromise of a
computer. Using no or weak passwords and having too loose share/ntfs
permissions put a computer at high risk of an attack. --- Steve


"Orvs" <Orvs@discussions.microsoft.com> wrote in message
newsBEC8204-8352-49C9-9A10-1F931448D096@microsoft.com...
>I saw some logs in my Boss XP machine with SP2.
> Some notable logs in Security were Event ID 538 and 540
>
> Category : Logon/Logoff
> User: NT AUTHORITY\ANONYMOUS LOGON
> Source:Security
> Type: Success/Audit
>
> what is the best explanation for this? He is thinking that there is an
> anonymous logging remotely to his machine?
>
> Thank you
>
>
>