NT4, IPC$, and password hashes

From: "RUSSELL T. LEWIS" <RUSSELL_T._LEWIS@spectralresponse.com>
To: security-basics@securityfocus.com
Date: Thu, 25 Jul 2002 15:16:45 -0400

I've got an NT 4 SP6a Workstation that I'm hardening and I've patched it all the
way with HFNETCHK, and done a ton of registry hacks, turned off services, etc.
However, if I type \\COMPUTERNAME on my network I can get an IPC$ and L0phtCrack 3
can extract the password hash; I've already cracked the LanMan hash. The
crack DID take forever (17 days 5 hrs 27 min) on a P4 2.53 GHz overclocked to 2.75
GHz, but I don't like the fact that the hash can be obtained.

How do I prevent LC3, or anyone, from getting the password hash?
I did a few registry entries that were supposed to restrict remote registry, but
it seems that didn't work, or isn't enough.
Thanks for any help!
-Russell