
Null sessions


manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Thu Jun 19, 2008 3:57 am

Null sessions

Hi,
I'm using Windows 2k machines, and while scanning with the ISS scanner I found a vulnerability for null sessions. I disabled the null session feature through the registry:

[HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous:Reg_Dword:0x1]

Still, the vulnerability is detected for the same.
Kindly help with solutions.

Thanks

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 19, 2008 10:36 am

Re: Null sessions

Have you tried actually creating a null session with the machine? It very well could just be a false positive from your vulnerability scanner.

BillV

phn1x

Newbie

Posts: 26

Joined: Thu Feb 21, 2008 12:16 pm

Post Thu Jun 19, 2008 11:40 am

Re: Null sessions

It's not necessarily a false positive, it's just a lack of understanding of named pipes.


Windows 2000 null session restrictions have 3 values.

Value 0. No restrictions
Value 1. Prevent direct enumeration of accounts and groups using the samr named pipe.

But... There are 6 hardcoded named pipes in win2k

Value 2. Prevent Null sessions (anonymous connections to the IPC$)

So, to solve your problem, change the registry value to 2 and rescan! Your problem should go away.
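An added example, not part of any post in this thread: a small audit that reads a regedit `.reg` export and reports whether the `RestrictAnonymous` setting discussed above would still leave a Windows 2000 host flagged for null sessions. The sample export is constructed, and treating a missing value as unrestricted is an assumption.

```python
import re

# Meaning of each RestrictAnonymous value on Windows 2000, as described in the thread.
MEANING = {
    0: "no restrictions",
    1: "blocks direct account/group enumeration over the samr pipe only",
    2: "blocks null sessions (anonymous connections to IPC$)",
}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_RE = re.compile(r'"restrictanonymous"\s*=\s*dword:([0-9a-f]{1,8})$', re.I)

def restrict_anonymous(reg_text):
    """Return the RestrictAnonymous DWORD under the Lsa key, or None if absent.

    reg_text is the already-decoded text of a .reg export (regedit writes UTF-16).
    """
    in_lsa = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only values directly under Control\Lsa count, not subkeys or other keys.
            in_lsa = line[1:-1].lower() == LSA_KEY
        elif in_lsa:
            m = VALUE_RE.match(line)
            if m:
                return int(m.group(1), 16)
    return None

def audit(reg_text):
    """Return (value, still_flagged, explanation) for a null-session check."""
    value = restrict_anonymous(reg_text)
    if value is None:
        return None, True, "value not set; treated as unrestricted (assumption)"
    if value not in MEANING:
        return value, True, "value outside the 0-2 range described in the thread"
    return value, value < 2, MEANING[value]

# Constructed sample export: the original poster's setting (value 1), plus a
# same-named value under an unrelated, made-up key that must be ignored.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"RestrictAnonymous"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"auditbaseobjects"=dword:00000000
"RestrictAnonymous"=dword:00000001
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```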
