I did run one of the ldap miners against a win2k domain, and while not finding anything of much interest, I was able to confirm that it did allow a null connection
I also googled all over and found not help in removing the null binding, except for openldap on linux... I have since marked these all false on windows boxes since there appears to be no way to disable null bind. (one google turned up an interesting complaint: user has a security audit done, ldap null bind showed up, user asked auditor what that meant and auditor told him it was proprietary information ;) -- Michael Scheidell, CEO SECNAP Network Security Corporation Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
