Click here to get back home

Null Sessions
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Null Sessions Dan Moesch 07-13-2007
Posted by Dan Moesch on July 13, 2007, 4:00 pm
Please log in for more thread options
 I am trying to determine what is causing all of my W2K servers to be allowing
"Null Sessions".
I have changed the "restrictanonymous" reg values to 2 and check the local
policy settings on the servers per this ms doc:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261

Evidently something is still causing these servers to respond to "Null
Sessions". The Windows 2003 servers that have the same GPO settings do not
respond to the Null Session requests?

Anyone ever see this before?

Thanks!
Dan

Posted by jwgoerlich on July 13, 2007, 4:13 pm
Please log in for more thread options
 Hello Dan,

I would be happy to try and reproduce this on a test Windows 2000
machine. How are you checking for null sessions? What are you running
that shows these are still present after setting the registry key?

Regards,

J Wolfgang Goerlich

wrote:
> I am trying to determine what is causing all of my W2K servers to be allowing
> "Null Sessions".
> I have changed the "restrictanonymous" reg values to 2 and check the local
> policy settings on the servers per this ms
doc:http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261
>
> Evidently something is still causing these servers to respond to "Null
> Sessions". The Windows 2003 servers that have the same GPO settings do not
> respond to the Null Session requests?
>
> Anyone ever see this before?
>
> Thanks!
> Dan



Posted by Dan Moesch on July 13, 2007, 4:20 pm
Please log in for more thread options
I am mapping to IPC$ and retrieving the user list with my vuln. scanner.
I could send the .exe over to you? I run it with no credentials and I get
the user list everytime.

"jwgoerlich@gmail.com" wrote:

> Hello Dan,
>
> I would be happy to try and reproduce this on a test Windows 2000
> machine. How are you checking for null sessions? What are you running
> that shows these are still present after setting the registry key?
>
> Regards,
>
> J Wolfgang Goerlich
>
> wrote:
> > I am trying to determine what is causing all of my W2K servers to be allowing
> > "Null Sessions".
> > I have changed the "restrictanonymous" reg values to 2 and check the local
> > policy settings on the servers per this ms
doc:http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261
> >
> > Evidently something is still causing these servers to respond to "Null
> > Sessions". The Windows 2003 servers that have the same GPO settings do not
> > respond to the Null Session requests?
> >
> > Anyone ever see this before?
> >
> > Thanks!
> > Dan
>
>
>

Posted by jwgoerlich on July 13, 2007, 4:55 pm
Please log in for more thread options
Sure, send the .exe to my jwgoerlich@gmail.com account.

wrote:
> I am mapping to IPC$ and retrieving the user list with my vuln. scanner.
> I could send the .exe over to you? I run it with no credentials and I get
> the user list everytime.
>
>
>
> "jwgoerl...@gmail.com" wrote:
> > Hello Dan,
>
> > I would be happy to try and reproduce this on a test Windows 2000
> > machine. How are you checking for null sessions? What are you running
> > that shows these are still present after setting the registry key?
>
> > Regards,
>
> > J Wolfgang Goerlich
>
> > wrote:
> > > I am trying to determine what is causing all of my W2K servers to be
allowing
> > > "Null Sessions".
> > > I have changed the "restrictanonymous" reg values to 2 and check the local
> > > policy settings on the servers per this ms
doc:http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261
>
> > > Evidently something is still causing these servers to respond to "Null
> > > Sessions". The Windows 2003 servers that have the same GPO settings do not
> > > respond to the Null Session requests?
>
> > > Anyone ever see this before?
>
> > > Thanks!
> > > Dan- Hide quoted text -
>
> - Show quoted text -



Posted by George Valkov on July 14, 2007, 7:49 am
Please log in for more thread options
Hello Dan!
I have not used File and printer sharing services for a good long time, but
from what I remember, there was this setting:
Network access: Do not allow anonymous enumeration of SAM accounts
under: Local Security Settings, Local Policies, Security Options.

Enable it to prevent Anonymous users to obtain the list of users on the
server or domain.

The other one:
Network access: Do not allow anonymous enumeration of SAM accounts and
shares
when enabled will prevent anonymous users to get a list of shared folders.

If you do not want any anonymous connections, disable the Guest account or
under
User rights assignment, add it to Deny access from the network.


I also remember that GFI's LANguard Network Security Scanner (I have version
3) was using Null sessions when scanning computers on the network, to
anonymously obtain the list of accounts. And then it can try to crack
someone's password, which is a serious security risk!

George Valkov



|I am mapping to IPC$ and retrieving the user list with my vuln. scanner.
| I could send the .exe over to you? I run it with no credentials and I get
| the user list everytime.
|
| "jwgoerlich@gmail.com" wrote:
|
| > Hello Dan,
| >
| > I would be happy to try and reproduce this on a test Windows 2000
| > machine. How are you checking for null sessions? What are you running
| > that shows these are still present after setting the registry key?
| >
| > Regards,
| >
| > J Wolfgang Goerlich
| >
| > wrote:
| > > I am trying to determine what is causing all of my W2K servers to be
allowing
| > > "Null Sessions".
| > > I have changed the "restrictanonymous" reg values to 2 and check the
local
| > > policy settings on the servers per this ms
doc:http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261
| > >
| > > Evidently something is still causing these servers to respond to "Null
| > > Sessions". The Windows 2003 servers that have the same GPO settings
do not
| > > respond to the Null Session requests?
| > >
| > > Anyone ever see this before?
| > >
| > > Thanks!
| > > Dan
| >
| >
| >



Similar ThreadsPosted
Seeing Null Share Connection in Eventviewer February 13, 2007, 4:27 am
IAS extension to limit max sessions number per user April 2, 2008, 2:15 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap