Hi,
 I m using windows 2k machines and while scaning through ISS scanner i found vulnerability for Null sessions. I disabled the features for null session thru registry

[HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous:Reg_Dwor
d:0x1]
still the vulnerability is detected for the same.
Kindly help for solutions


thankx

It's not necessarily a false positive, it's just a lack of understanding of named pipes.


Windows 2000 Null session restrictions has 3 values.

Value 0. No restrictions
Value 1. Prevent direct enumeration of accounts and groups using the samr named pipe.

But... There are 6 hardcoded named pipes in win2k

Value 2. Prevent Null sessions (anonymous connections to the IPC$)

So, To solve your problem change the registry value to 2, and re scan! Your problem should go away