Forums: Can Xscan Lock Out A Network? - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Can Xscan Lock Out A Network? I think I may have a problem.

#1 User is offline   patman657 

  • Private
  • Icon
  • Group: Members
  • Posts: 3
  • Joined: 24-October 03

Posted 30 October 2003 - 05:01 AM

It appears that XScan may be the cause of recent lockouts on my network. Every once in a while, the network locks up and won't let any users log in. Also, the email server seems to go haywire. Is it possible that XScan, using its NT-Server-Pass module directed at the domain controller, could be responsible for this problem? If so, how can this be prevented? Thank you for any help you can give me.
0

#2 User is offline   ShadowRun 

  • Corporal
  • Icon
  • Group: Specialist
  • Posts: 170
  • Joined: 01-October 03

Posted 30 October 2003 - 07:50 AM

i think it's not only NT-Server-Pass plug-in
it's rather xscan itself or windows
even when i run 3 ip's and 100 threads
my network connection is locking
i tried WebDAV and SQL modules
it may be connected with some patches from microsoft
but i don't know which one
because on clean install it's running on 20/200
and is having fine :(
0

#3 User is offline   enlightnr 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 28
  • Joined: 28-August 03

Posted 30 October 2003 - 08:09 AM

Answer is yes it is the NTPass module

Reason: Xscan does not identify account lockout times and will continually dictionary attack a user till its finished. What you'll need to do is adjust your account lockout options. If you check your event logs it should tell you more info.

Second question I have is how come you havent blocked NT ports at a firewall to stop Xscan attacking your boxes? If you have well you got someone on the inside scanning? :blink:
0

#4 Guest_HardcoreKiller_*

  • Group: Guests

Posted 30 October 2003 - 08:32 AM

Gentlemen,

Yes, as enlightnr stated above, in NTPass, it will lock any system it scans that a PASSWORD rule is applied to the local account. This will lock your Enterprise especially if you run it against ANY DOMAIN CONTROLLERS.....so try and omit them from your scan. For DC's, if you have Domain Admin rights, use LC4 (@stake, L0pht) for weak/blank passwords.

As for ShadowRun's issue I offer some observations on the XScan overall lockout. With v2.3, I would look more towards your connectivity as an issue on that one. The 2.3 tool is used often in my environment without fail. Can you try to see how many threads open, and if they actually connect/terminate properly? And why?

All other system (file/print servers, workstations, etc) that have no account rules should not be affected by lockout.

-HK
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting