Not necessarily on topic for this list... So a quick reply, and then let's
discuss this offline or on ntsecurity or some other list.



> -----Original Message-----
> From: drenning, bruce [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 25, 2002 1:08 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: netbios question
> 
> 
> To the best of my knowledge, unless you are running win2k 100% native, you
> have to allow null sessions. Null sessions are used to enumerate shares &
> accounts, & are required to some extent in NT domains. There
I believe that this is only necessary on the domain controller in a
non-active directory environment.  Other systems should disable.

> is a registry key that can be set (I can't remember exactly, but a search
> at MS or deja

        Hive:   HKEY_LOCAL_MACHINE\SYSTEM
        Key:    \System\CurrentControlSet\Control\Lsa
        Name:   RestrictAnonymous
        Type:   REG_DWORD
        Value:  1

> news/google under microsoft.public.* should get you going) to 0 (default),
> 1, or 2. 2 being no null sessions allowed. However, setting this key to 2
> will absolutely break some things unless you are 100% Active Directory in
> native mode. I've looked at this a little. Setting it to 1 will stop some
> automated tools from getting a null connection, but not all of them (I think
> nessus will still alert on a 1). To minimize this issue:

This should disable all anonymous logins, although individual queries for
sid2user will still work, so brute forcing some information is still
possible.  If I'm wrong and some null sessions are allowed please send me an
e-mail and let me know.

> 
<CUT GOOD Security advice but not on topic> 
> The 1219 error probably indicates you were trying a server that you already
> had a drive mapped to under your login acct. It's not a false positive. Null
Yep, there was an existing security association and Windows can only handle
one association per server.  Before you can test everything on a network,
you need to disconnect mapped shares and do a "net use /delete *".

RANT and Obhack:  I always hated that I can't map one share on a server with
my admin rights and another with my user rights.  So I fixed this by using
samba to map the drives with the associations I want and then sharing them
out to my windows system.  Works great and keeps me from doing regular work
in NT with Domain admin rights hanging around.

> sessions are allowed. However, it's going to turn up for every win PC, so
> you may not want to include it in a final report (or just mention it as a
> footnote) unless your environment requires that nth degree of security
> regardless of cost.
> 
I disagree.  When doing assessments, NULL session is my most common first
step into an NT network.  It should be disabled wherever possible.


> HTH
> 
> 
Dion
-
[EMAIL PROTECTED]: general discussions about Nessus.
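
Added example, not part of the original message or of Nessus: a small audit that parses saved `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RestrictAnonymous` output and grades each host on the RestrictAnonymous values 0, 1 and 2 as the thread describes them. The host names, the `legacy_dc` flag, the OK/REVIEW/FAIL policy and the sample output are assumptions constructed for illustration.

```python
import re

# Value meanings as described in the thread above (constructed summary).
LEVELS = {
    0: "default, null sessions unrestricted",
    1: "stops some automated tools, but not all",
    2: "no null sessions; can break things outside native-mode AD",
}
VALUE_RE = re.compile(r"^\s*RestrictAnonymous\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)\s*$",
                      re.IGNORECASE | re.MULTILINE)

def parse_restrict_anonymous(reg_output):
    """Return the DWORD from `reg query` text, or None when the value is absent."""
    m = VALUE_RE.search(reg_output)
    if m is None:
        return None
    raw = m.group(1).lower()
    return int(raw, 16) if raw.startswith("0x") else int(raw)

def audit(host, reg_output, legacy_dc=False):
    """Classify one host. legacy_dc (hypothetical flag) marks a domain controller
    in a non-Active Directory domain, the one role the reply exempts."""
    value = parse_restrict_anonymous(reg_output)
    effective = 0 if value is None else value  # absent value: treated as default 0
    if effective not in LEVELS:
        status = "UNKNOWN"
    elif effective == 0:
        status = "REVIEW" if legacy_dc else "FAIL"
    elif effective == 2 and legacy_dc:
        status = "REVIEW"  # the thread warns that 2 breaks things here
    else:
        status = "OK"
    return {"host": host, "value": value, "status": status,
            "note": LEVELS.get(effective, "unexpected value")}

KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
# Constructed sample output, one entry per (hypothetical) host.
SAMPLES = [
    ("ws01", KEY + "    RestrictAnonymous    REG_DWORD    0x1\n", False),
    ("ws02", KEY + "    RestrictAnonymous    REG_DWORD    0x0\n", False),
    ("ws03", "ERROR: The system was unable to find the specified registry key or value.\n", False),
    ("pdc01", KEY + "    RestrictAnonymous    REG_DWORD    0x0\n", True),
]

if __name__ == "__main__":
    for host, text, dc in SAMPLES:
        print(audit(host, text, dc))
```
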