RE: Blocking port scans on local network
From: TB0NE (TB0NE_at_discussions.microsoft.com)
Date: 11/30/04
- Next message: BitWise: "RE: Blocking port scans on local network"
- Next in thread: BitWise: "RE: Blocking port scans on local network"
- Reply: BitWise: "RE: Blocking port scans on local network"
- Reply: Steven L Umbach: "Re: Blocking port scans on local network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Nov 2004 09:23:04 -0800
Thanks BitWise.
That pointed me in the right direction. The main gist seemed to suggest a
registry change. There was a broken link posted by Mark Minasi that I'd like
to read but can't ( http://www.minasidownloads.com/nws0312.htm ). It also
brings up a related question concerning Local and Domain Security Policy.
This does the same as the registry change and can be applied across the
entire domain. I'll explain...
There is a policy under Security Options in both the Local and Domain
Security Policy snap-in called "Additional restrictions for anonymous
connections" that can restrict SAM account and share enumerations. Do you (or
does anyone) know of any negative ramifications if I choose to restrict
"enumeration of SAM accounts and shares"? I am running in a pure Windows 2000
environment (Clients and Servers).
If I am running a pure W2K domain, will I see any changes in browsing or
other network services? Will this prevent non-domain users and machines from
retrieving SAM and share information?
Thanks again!
"BitWise" wrote:
> Most likely they are connecting with null sessions, which is quite easy to
> do. A good read on null sessions is at www.minasi.com. You'll need to
> register, but it's free. Search there for 'null sessions'.
>
> "TB0NE" wrote:
>
> > We have some wonderful auditors in our building who will be testing our
> > network security (Sarbanes-Oxley is the bane of my existence).
> >
> > I noticed that one of the auditors had a copy of SolarWinds Engineering
> > Edition Toolset. I suspect that they will be scanning my network etc... I ran
> > one of the SolarWinds browsing utilities on my domain controller and was
> > surprised at the information it returned. Specifically, it returned all of the
> > users accounts in my domain! It did not return any specific information on
> > those accounts but, a simple account list was still a great surprise to me.
> > All of this while using an account not in my domain and on a machine that is
> > not a member of my domain.
> >
> > The auditors do not log into my domain and their machines are not members of
> > my domain. HOWEVER, their machines are issued an IP address from my DHCP
> > server and they can access the Internet.
> >
> >
> > QUESTION:
> >
> > Is there a way to block access to my servers (Port Scans etc..) from
> > machines that are not members of the domain without adversely affecting my
> > users? Using domain or group policy in the solution would be desirable.
> >
> > If not, what measures can I take that will limit them to Internet access only?
> >
> > Any and all suggestions would be greatly appreciated.
> >
> > Thank you,
> > --
> > TB0NE