Re: Problem Disabling "Null Session" on W2K3

On 2006-11-15 Alexey Vesnin wrote:
eneko.astorkiza@xxxxxxxxxxxx wrote:
I'm trying to secure some AD servers and i have a problem.

I scan then (w2k3 AD Servers) with Retina and it says that i have
"Null Session" enabled, so it shows all the domain users. (I'm doing
with a machine out of the domain)

The problem is that if i look at the RestrictAnonymous and
RestrictAnonymousSAM registry values, they are ok :-?

Someone knows why i can enumerate the domain users ???

I have also use SuperScan and the same happens.

Try Outpost Firewall Pro - or something similar. It's a well-tuned
windows firewall, and you can disable the session establishment
everywhere except the IP's needed.

Outpost (or any other personal firewall) does NOT solve the problem at
hand. The appropriate measure - as has already been suggested - is to
disable null sessions through the respective group policy.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Backgroun dnoise
    ... has alredy timed that session out. ... >> If the firewall is blocking internet access to that addy, ... it is directed to Port 1099 and uses source port 53 coming from ... > even shows you that it _is_ a DNS server. ...
    (comp.security.firewalls)
  • Re: IBM-MAIN 3270 session disconnects
    ... Subject: IBM-MAIN 3270 session disconnects ... I will still accept the fact that it might be a firewall problem, ... send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO ...
    (bit.listserv.ibm-main)
  • Re: [fw-wiz] FW and TCP Sessions
    ... Statefule firewalls maintain a stateful session flow ... contains source, destination addresses, TCP sequencing ... connection object in the firewall. ...
    (Firewall-Wizards)
  • Re: Client connection keeps on dropping
    ... Does your firewall have a session timeout setting? ... My bet would be your firewall. ... is that you could test the theory by connecting them over the VPN then see ... The terminal server is within a windows NT ...
    (microsoft.public.win2000.termserv.apps)
  • Re: bind() udp behavior 2.6.8.1
    ... Allowing a high numbered udp port to remain ... The firewall should allow traffic from the same ip:port to the other ... ip:port and from no other server on the net. ... You new session is totally ...
    (Linux-Kernel)