Anonymous Logons AND ntLmSp

I am noticing in my security logs on one of my Windows 2003 Servers that there are a number of anonymous logons (Logon Process: NtLmSp). I do not have anonymous FTP enabled Nor is NT LM Security Support Provider enabled as a service (looked at that because of NtLmSp).

At first I thought this was some sort of Windows service logging in as anonymous but when looking at the log entries, I see different Workstation Names (and IPs) for most of these logins so it would appear that these logins are coming from external users. I ran a Virus Scan on the machine to look for a Trojan Horse but the machine came up clean.

What could the anonymous logons possibly be? If people are logging into this server anonymously, how could that be when neither of the two services mentioned above are set up to allow this? The only things running on this server are IIS 6 with FTP (no anonymous logins), and Mailenable. The server is hosting a Web site but currently does not contain any sensative information. However, when an application under development is completed, there will be some sensative data on this server. I am going to hold off on moving forward on moving anything of a more sensative nature to this server until I can get a better understanding of exactly what is going on with these 'anonymous logons'. Any help would be appreciated.

 

 

 

 

Top