RE: Blocking port scans on local network

From: BitWise (bitwiise_at_yeehawPlace.com)
Date: 11/30/04 

Date: Tue, 30 Nov 2004 08:09:03 -0800

Most likely they are connecting with null sessions, which is quite easy to
do. A good read on null sessions is at www.minasi.com. You'll need to
register, but it's free. Search there for 'null sessions'.

"TB0NE" wrote:

> We have some wonderful auditors in our building who will be testing our
> network security (Sarbanes-Oxlely is the bane of my existence).
>
> I noticed that one of the auditors had a copy of SolarWinds Engineering
> Edition Toolset. I suspect that they will be scanning my network etc... I ran
> one of the SolarWinds browsing utilities on my domain controller and was
> suprised at the information it returned. Specifically, it returned all of the
> users accounts in my domain! It did not return any specific information on
> those accounts but, a simple account list was still a great suprise to me.
> All of this while using an account not in my domain and on a machine that is
> not a member of my domain.
>
> The auditors do not log into my domain and their machines are not members of
> my domain. HOWEVER, their machines are issued an IP address from my DHCP
> server and they can access the Internet.
>
>
> QUESTION:
>
> Is there a way to block access to my servers (Port Scans etc..) from
> machines that are not member of the domain without adversly affecting my
> users? Using domain or group policy in the solution would be desirable.
>
> If not, what measures can I take that will limit them to Internet access only?
>
> Any and all suggestions would be greatly appreciated.
>
> Thank you,
> --
> TB0NE

Relevant Pages

  • Re: Local Accounts
    ... All 3 users had accounts on all 3 computers. ... Well maybe true but when the client machines were not in a domain we had sofware installed that we did not want to reinstall when on the domain. ... The local admin account can be useful for some system changes, ...
    (microsoft.public.windows.server.sbs)
  • Re: Crypt questions
    ... For the right account it can be decrypted if both accounts have ... If the machines are not both ... If I encrypt the harddrives on ... will a theif be able to decrypt the data? ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Disabling Interactive Logon Against Security Group
    ... Essentially this is to secure half a dozen guest accounts on domain of ... question "disable interactive logon privilages against specific OU/User ... Where I follow least privilege this is a total non-issue, as the machines ... If you set this in a GPO then the list that is to be denied that you ...
    (microsoft.public.security)
  • Re: Terminal release ip command?
    ... Apart from networking between the two machines right:-) ... pick up a single DHCP address from your ISP, ... DHCP IP addresses on your own private network and NAT taking care ... the case of free dial-up accounts where an ISP may create far more ...
    (comp.sys.mac.system)
  • Re: Domain Users to have Local Admin rights
    ... Refreshed group policy on the other machines. ... machine, that kinda startup script? ... We have various admin accounts other then administrator ...
    (microsoft.public.windows.server.security)