Of course I want Nessus to do the best possible job. The issue is giving reports to management, who are not likely to understand the distinctions between tests that use LsaLookups and those that do not. If I say that Null Sessions are disabled, but they continue to show up in scans it would be helpful to have some very clear language stating why, in the actual scan. It would be even more helpful to have two separate tests (One using LsaLookups and one not.) so that I can test and verify what exactly is still vulnerable and under what conditions. I am not enough of a programmer to do this myself, and doubt that this issue is very high on anyone's list. But, if someone has some time on their hands it would be appreciated...
Thanks to everyone for your explanations and assistance! Adrian -----Original Message----- From: Taed Wynnell [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 11:33 AM To: Mink, Adrian (QB8692); Nessus Mailing List (E-mail) Subject: RE: Null session log in Why would you want to prevent Nessus from doing the best job of testing that it can? If Nessus can find the problem, then why wouldn't you want to know that the problem exists? The Nessus plugin verbage is actually slightly different depending on what the setting is. Renauld made that change when this topic came up about 6 months ago. I think that it actually mentions the RestrictAnonymous setting, and then has different text depending if it thinks it's a Windows NT machine or something "higher". -----Original Message----- From: Mink, Adrian (QB8692) [mailto:[EMAIL PROTECTED]] Sent: Thursday 26 September 2002 11:22 AM To: Nessus Mailing List (E-mail) Subject: RE: Null session log in That would certainly be useful, as I cannot set restrictanonymous=2 on my network as too many other issues crop up. Would it be possible to note these items in the actual plugins? Or to have two sets of tests, one which uses LsaLookups and one which does not? Thanks! -----Original Message----- From: Taed Wynnell [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 11:12 AM To: 'Michel Arboi' Cc: Nessus Mailing List (E-mail) Subject: RE: Null session log in Yes, it was "known" in that sense, but we wanted it confirmed by the Microsoft engineering group that there was no OTHER way to prevent it (other than filtering the NetBIOS ports completely) on Windows NT. -----Original Message----- From: Michel Arboi [mailto:[EMAIL PROTECTED]] Sent: Thursday 26 September 2002 11:04 AM To: Nessus Mailing List (E-mail) Subject: Re: Null session log in Taed Wynnell <[EMAIL PROTECTED]> writes: > We submitted a Microsoft Premier Support issue on this topic, and they > confirmed that there is no way to prevent what Nessus does on Windows NT. > On Windows 2000 and up, it can be prevented with "RestrictAnonymous=2". It seems that this problem was already known: http://www.securityfriday.com/Topics/restrictanonymous.html http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0078.html (off topic) Please note that restricting anonymous SMB sessions may break some functions (inter-domain trust...) - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
