Re: Null session in Windows XP
From: Dave Feustel (dfeustel@mindspring.com)Date: 03/28/02
- Previous message: Mark A. Smithey: "AD account lockout problem"
- In reply to: Evans, TJ: "RE: Null session in Windows XP"
- Next in thread: Tomasz Polus: "RE: Null session in Windows XP"
- Next in thread: Evans, TJ: "RE: Null session in Windows XP"
- Reply: Tomasz Polus: "RE: Null session in Windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Feustel" <dfeustel@mindspring.com> To: "Evans, TJ" <tjevans@kpmg.com>, <FOCUS-MS@securityfocus.com> Date: Thu, 28 Mar 2002 13:13:30 -0500
I have discovered in the past few days that, even though I specify "use NLTMv2, refuse NTLM",
I am getting anonymous logins using NLTM. I double-checked my security settings when I saw
this event data in my security log and it's set for NLTMv2 only.
I have absolutely no idea why this is happening, but I consider it a very bad sign.
----- Original Message -----
From: "Evans, TJ" <tjevans@kpmg.com>
To: <FOCUS-MS@securityfocus.com>
Sent: Wednesday, March 27, 2002 8:14 PM
Subject: RE: Null session in Windows XP
> Also worth dropping a note about ... :
> 1 The XP firewall .. this should stop any inbound connection attempt
> ...
> (I haven't actually verified this myself, I use ZAP ... which does block
> 135/139/445)
>
> 2 if your 'environment' does not prohibit it, it also may not be a bad
> idea to 'use NLTMv2 only/refuse NT/LM' ... a little more protection in that
> many "tools" do not support connecting this way and also helps prevent
> sniffing on your wire ...
>
>
> Thanks!
> TJ
- Previous message: Mark A. Smithey: "AD account lockout problem"
- In reply to: Evans, TJ: "RE: Null session in Windows XP"
- Next in thread: Tomasz Polus: "RE: Null session in Windows XP"
- Next in thread: Evans, TJ: "RE: Null session in Windows XP"
- Reply: Tomasz Polus: "RE: Null session in Windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
