RE: Null session and Exchange2K
From: Zack Berkovitz (zberkovitz@pga-inc.com)
Date: 06/24/02
Date: Mon, 24 Jun 2002 14:04:30 -0400
From: "Zack Berkovitz" <zberkovitz@pga-inc.com>
To: "Evans, TJ" <tjevans@kpmg.com>, "Jet Chan" <jchan@trusecure.com>, <focus-ms@securityfocus.com>
Actually, Q309622 refers to the Global Catalog server, rather than the
Exchange server. If
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
is set to 0x2 on the GC and the security rollup is applied to the GC
server as well, then anonymous users, and Exchange 2000/Outlook, can't
access the directory to resolve names. So, you could put your Exchange
server on the Internet, unless it's also a Global Catalog server,
although this certainly would not follow any best practices for many
other reasons.
Regards,
Zack Berkovitz
Infrastructure Manager
Personnel Group of America (www.pga-inc.com)
mailto:zberkovitz@pga-inc.com
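Added here as an illustration and not part of the thread: a PowerShell audit script that reports, for the server it runs on, the three things this exchange turns on: the RestrictAnonymous value under the Lsa key, whether the host is a Global Catalog (so that 0x2 would hit GAL name resolution, per Q309622), and whether any enabled inbound firewall rule blocks TCP/UDP 135-139. It assumes it runs elevated on a modern Windows server with the NetSecurity module; the NTDS "Global Catalog Promotion Complete" registry value is used as the GC indicator and the presence of HKLM\SOFTWARE\Microsoft\Exchange as the Exchange indicator, both of which are assumptions rather than facts stated in the thread.

```powershell
# Added audit example (not from the thread). Run elevated on the server under review.
# Assumptions: NTDS "Global Catalog Promotion Complete" = 1 marks a GC; the Exchange
# registry key marks an Exchange install; NetSecurity cmdlets are available.

# 1. RestrictAnonymous on this host (value absent -> treated as 0, the default)
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$restrictAnonymous = [int]($lsa.RestrictAnonymous)

# Meaning of the value on Windows 2000, the platform discussed in the thread
$meaning = switch ($restrictAnonymous) {
    0       { 'default: null sessions may enumerate accounts and shares' }
    1       { 'enumeration of SAM accounts and shares is restricted' }
    2       { 'no access without explicit anonymous permissions (the Q309622 case)' }
    default { "unexpected value $restrictAnonymous" }
}
Write-Output ("RestrictAnonymous = 0x{0:X} ({1})" -f $restrictAnonymous, $meaning)

# 2. Role of this host: Global Catalog and/or Exchange server
$ntds = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                         -ErrorAction SilentlyContinue        # absent on non-DCs
$isGC = ($null -ne $ntds) -and ($ntds.'Global Catalog Promotion Complete' -eq 1)
$isExchange = Test-Path 'HKLM:\SOFTWARE\Microsoft\Exchange'   # assumption, see lead-in
Write-Output "Global Catalog: $isGC   Exchange installed: $isExchange"

if ($isGC -and $restrictAnonymous -eq 2) {
    Write-Warning 'GC with RestrictAnonymous=2: per Q309622, Outlook/Exchange name resolution against this GC will fail.'
}
if ($isExchange -and -not $isGC) {
    Write-Output 'Exchange-only host: RestrictAnonymous=2 here does not affect GAL lookups, which go to the GC.'
}

# 3. Are TCP/UDP 135-139 blocked inbound by the host firewall? This is a coarse check:
#    it looks for enabled inbound Block rules whose port filter mentions any of 135-139
#    (a range string such as "135-139" also matches). It does not prove full coverage.
foreach ($proto in 'TCP', 'UDP') {
    $blocking = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            ($filter.Protocol -eq $proto) -and (($filter.LocalPort -join ',') -match '13[5-9]')
        })
    if ($blocking.Count -gt 0) {
        Write-Output "$proto 135-139: $($blocking.Count) enabled inbound block rule(s) reference these ports"
    } else {
        Write-Warning "$proto 135-139: no enabled inbound block rule references these ports; a perimeter filter or VPN, as suggested in the thread, is the only protection"
    }
}
```

The script only reads configuration; it changes nothing. The point of the role check is the one Zack makes: the RestrictAnonymous=0x2 restriction in Q309622 bites on the Global Catalog, so the output distinguishes a GC from an Exchange-only host before warning about the value.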
-----Original Message-----
From: Evans, TJ [mailto:tjevans@kpmg.com]
Sent: Thursday, June 20, 2002 11:39 AM
To: Jet Chan; focus-ms@securityfocus.com
Subject: RE: Null session and Exchange2K
Would you really consider placing your email server on the internet
without a firewall?? Or at least, a filtering router blocking all
TCP+UDP 135-139?? <I know - you don't need to block the whole range, but
much easier to type :)>
... think VPN.
Thanks!
TJ
-----Original Message-----
From: Jet Chan [mailto:yenjet.chan@eglobal.com.my]
Sent: Thursday, June 20, 2002 6:39 AM
To: focus-ms@securityfocus.com
Subject: Null session and Exchange2K
*** PGP Signature Status: unknown
*** Signer: Unknown, Key ID = 0x98D83D41
*** Signed: 6/20/2002 6:38:39 AM
*** Verified: 6/20/2002 2:36:31 PM
*** BEGIN PGP VERIFIED MESSAGE ***
Greeting,
I wonder how many people got this error.
In the KB below, MS said Exchange2K cannot have restrictanonymous=0x2,
otherwise it will block users from browsing the Global Address List.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309622
So, does that mean an Exchange 2000 server cannot install SRP1 and
have restrictanonymous=0x2 ??? In this case, an Exchange 2000 server
might be vulnerable to Null Session enumeration. So is the only solution
now to protect the server with a firewall ?
regards,
.//Jet
*** END PGP VERIFIED MESSAGE ***