On Wed, 2003-01-01 at 07:56, Jim Carter wrote:
> On Sat, 28 Dec 2002, andy thomas wrote:
> > Unauthorised connection attempts to a server running samba 2.2.0a are a
> > daily occurrence but incorrect usernames/share names prevent accesses to
> > shares and this is not normally anything to worry about. But looking
> > through the smbd logs on this server I found one instance where someone
> > apparently knew the 6 usernames listed in the smbpasswd file and tried to
> > use those in turn to gain access. (This was unsuccessful as passwords
> > are used to protect access to shares).
> 
> At work we had a similar attack on the Win2K PDC.  Apparently on Windows
> it's a standard feature to enumerate the known users.  Then the attacker
> tries a short list of weak passwords on each one.  We had it set up so
> repeated authentication failures would lock the account.  The helpdesk
> person really had her hands full that day!
> 
> Probably all that's necessary is to browse the [homes] directory.

Yes, Samba provides that information.  Samba 3.0 has changed the meaning
of the 'restrict anonymous' setting in smb.conf, and this now allows you
to disable this enumeration, in line with what Win2k does for the
registry key of the same name.  If the machine is *just* a fileserver,
does not become local/master browser etc and is not a PDC, then
'restrict anonymous = 2' could be quite beneficial.  (no IPC$ access to
guest users).

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
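
As an added example that is not part of the original thread, the following Python script shows two defender-side checks for what is discussed above: an audit of an smb.conf to confirm that `restrict anonymous` is set to 2 in `[global]` (the setting Andrew Bartlett suggests for a machine that is only a file server), and a scan of smbd-style log lines for the pattern andy thomas found, namely one client failing authentication as many different known usernames in quick succession. Both smb.conf fragments, the log line layout and the IP addresses are constructed for this example; real smbd log lines differ by version and log level, so the regex is an assumption to adapt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed smb.conf fragments: the permissive value beside the hardened one.
SMB_CONF_WEAK = """
[global]
   security = user
   restrict anonymous = 0
"""

SMB_CONF_HARDENED = """
[global]
   security = user
   ; Samba 3.0: 2 = no IPC$ access for guest/anonymous users, so user and
   ; share lists cannot be enumerated without credentials.
   restrict anonymous = 2
"""


def parse_smb_conf(text):
    """Minimal smb.conf parser -> {section: {key: value}} with lower-cased
    keys. Skips ';' and '#' comments; ignores 'include' and continuations."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def audit_restrict_anonymous(text):
    """Return (value, ok): the 'restrict anonymous' value in [global]
    (0 when absent, Samba's default) and whether it is the strict value 2.
    Older boolean spellings (yes/no) are mapped to 1/0."""
    raw = parse_smb_conf(text).get("global", {}).get("restrict anonymous", "0")
    try:
        value = int(raw)
    except ValueError:
        value = 1 if raw.lower() in ("yes", "true") else 0
    return value, value == 2


# Constructed log lines in a simplified "<date> <time> <client> <user> <result>"
# form. 10.0.0.7 walks through six valid account names in six seconds.
SAMPLE_LOG = """\
2002-12-28 02:14:01 10.0.0.7 alice FAIL
2002-12-28 02:14:02 10.0.0.7 bob FAIL
2002-12-28 02:14:03 10.0.0.7 carol FAIL
2002-12-28 02:14:04 10.0.0.7 dave FAIL
2002-12-28 02:14:05 10.0.0.7 erin FAIL
2002-12-28 02:14:06 10.0.0.7 frank FAIL
2002-12-28 09:30:00 10.0.0.9 alice FAIL
2002-12-28 09:30:05 10.0.0.9 alice OK
2002-12-28 11:00:00 10.0.0.12 nosuchuser FAIL
2002-12-28 11:00:01 10.0.0.12 guest FAIL
"""

LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (FAIL|OK)$")  # assumed layout


def find_user_sweeps(log_text, min_users=4, window=timedelta(minutes=5)):
    """Return {client: sorted usernames} for every client that failed as at
    least `min_users` distinct usernames inside any `window`. A sweep over
    many valid names suggests the account list leaked (e.g. via anonymous
    enumeration); a typo or forgotten password hits one name repeatedly."""
    failures = defaultdict(list)  # client -> [(time, user)]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unknown line shape: skip rather than guess
        ts, client, user, result = m.groups()
        if result == "FAIL":
            failures[client].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user))
    hits = {}
    for client, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over sorted failures
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                hits[client] = sorted({u for _, u in events})
                break
    return hits


if __name__ == "__main__":
    for name, conf in (("weak", SMB_CONF_WEAK), ("hardened", SMB_CONF_HARDENED)):
        print(name, audit_restrict_anonymous(conf))
    print(find_user_sweeps(SAMPLE_LOG))
```

The sweep detector keys on the number of distinct usernames per client rather than the raw failure count, which is what separates the enumerate-then-guess pattern from an ordinary user mistyping one password; the audit reports the effective value so that an absent setting is flagged as the permissive default rather than passing silently.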
