Null session questions
From: Adrian Mink (adrian.mink@pinnaclewest.com)
Date: 09/16/02
From: "Adrian Mink" <adrian.mink@pinnaclewest.com> Date: Mon, 16 Sep 2002 13:34:11 -0700
Hello,
A couple things I don't quite get I am hoping someone can explain. I have
read the MS KB explanations, please don't point me back there, I am hoping
for a different explanation!
First, what is the difference between setting RestrictAnonymous and setting
RestrictNullSessAccess? Specifically, what does each one restrict?
What is the difference between an anonymous connection and a null session?
What would the consequences be of setting RestrictNullSessAccess = 1 in a
domain?
I thought I had a handle on this stuff, but am no longer sure I do. When I
run a Nessus scan of some systems on my domain, I get the result that
anonymous null session access is allowed.
I then set restrictanonymous = 1, which should stop enumeration of accounts
and shares, and re-run the scan, and get the same message that null session
access is allowed and that Nessus can pull a list of SAM accounts and
shares. Why is this?
Thanks for any help!
Adrian