Re: NULL IPC$ Sessions
From: Michael Katz (mike@PROCINCT.COM)
Date: 02/04/02
Date: Mon, 4 Feb 2002 10:30:27 -0800
From: Michael Katz <mike@PROCINCT.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

At 1/23/2002 12:37 PM, Josh Santomieri wrote:
>Null IPC$ sessions are a simplistic thing that is very easily overlooked
>with the general configuration of Windows NT/2000/XP computers. If your
>server is not protected with a firewall or some other type of security and a
>NULL IPC$ connection can be made any user can gather a great deal of
>information from your server.
>Here is an example of some information gathered from my server with an
>application that I created:
>\\10.10.0.253
>
>Shares:
>Groups:
>Users:
>
>Program receives all Share, Group and User information on the server or
>workstation.
>
>All of this information is able to be gathered from any Windows NT/2000/XP
>computer that can have a NULL IPC$ session connected to it.

Josh,

You can substantially reduce the amount of information available from Null
sessions by changing the following registry key under Windows NT:

\Registry\Machine\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\RestrictNullSessAccess

Set the REG_DWORD value of the above key to 1 (default is 0).

Under Windows 2000 (and XP, I think), click on Start | Programs |
Administrative Tools | Local Security Policy | Local Policies | Security
Options | Additional Restrictions for Anonymous Connections and change from
the default to No access without explicit anonymous permissions.

Of course, this and many other settings can be largely automated using
templates with the Security Templates and Security Configuration and
Analysis Snap-Ins that come with Windows 2000 and XP. There is a similar
feature available in Windows NT.

Michael Katz
mike@procinct.com
Procinct Security
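
The following is an added example, not part of the original message or anything posted by its author: a read-only PowerShell check of the RestrictNullSessAccess value named above, together with the Lsa RestrictAnonymous value. It assumes a host with PowerShell available, that RestrictAnonymous is the registry value behind the Windows 2000 "Additional Restrictions for Anonymous Connections" policy (with 2 meaning "No access without explicit anonymous permissions"), and a hypothetical function name.

```powershell
# Added example (not from the original message). Read-only: no value is changed.
function Test-NullSessionHardening {   # hypothetical function name
    $checks = @(
        @{  # Value named in the message; 1 restricts null-session access.
            Name = 'RestrictNullSessAccess'
            Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            Want = 1
        },
        @{  # Assumption: registry value behind the Windows 2000 policy
            # "Additional Restrictions for Anonymous Connections"; 2 is taken to
            # mean "No access without explicit anonymous permissions".
            Name = 'RestrictAnonymous'
            Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            Want = 2
        }
    )

    foreach ($c in $checks) {
        # A missing value is reported separately instead of being guessed at,
        # because the effective default depends on the Windows version.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $value  = $null
            $status = 'NOT SET (OS default applies)'
        } else {
            $value  = $item.($c.Name)
            $status = if ($value -ge $c.Want) { 'OK' } else { 'WEAK' }
        }

        [pscustomobject]@{
            Setting = $c.Name
            Value   = $value
            Wanted  = $c.Want
            Status  = $status
        }
    }
}

Test-NullSessionHardening | Format-Table Setting, Value, Wanted, Status -AutoSize
```

Any row that is not OK marks a host where the change described in the message has not been applied or has been reverted.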