On 11/13/07 12:30, PJ Bender wrote: > When Nessus was run against our two Domain Controllers, we received > the following report: > > *Synopsis*: It is possible to disclose LDAP information. ... > *Solution*: Disable NULL BIND on your LDAP server ... > I don’t think it is this problem.
FWIW, the plugin actually tries to query a server without authenticating (ie, a "NULL BIND") and checks for a response. So it might be useful to capture packets to/from the affected LDAP services and see what is being returned. > Can someone let me know where I can go to find a method(s) to disable > the null bind on my Windows 2003 LDAP server(s)? Have you searched Microsoft's site? For example: check out the discussion of "dsHeuristics" in: http://support.microsoft.com/kb/326690/ George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
