Null Sessions

  • Thread starter Thread starter Dan Moesch
  • Start date Start date
D

Dan Moesch

Guest
I am trying to determine what is causing all of my W2K servers to be allowing
"Null Sessions".
I have changed the "restrictanonymous" reg values to 2 and check the local
policy settings on the servers per this ms doc:
http://support.microsoft.com/default.aspx?scid=kb;en-us;246261

Evidently something is still causing these servers to respond to "Null
Sessions". The Windows 2003 servers that have the same GPO settings do not
respond to the Null Session requests?

Anyone ever see this before?

Thanks!
Dan
 
What's the evidence in the "evidently"?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message
news:32BD324F-7EF3-4D08-BA29-11F59E9F10E1@microsoft.com...
>I am trying to determine what is causing all of my W2K servers to be
>allowing
> "Null Sessions".
> I have changed the "restrictanonymous" reg values to 2 and check the local
> policy settings on the servers per this ms doc:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;246261
>
> Evidently something is still causing these servers to respond to "Null
> Sessions". The Windows 2003 servers that have the same GPO settings do
> not
> respond to the Null Session requests?
>
> Anyone ever see this before?
>
> Thanks!
> Dan
>
 
User list by mapping a null IPS$ session.

"S. Pidgorny <MVP>" wrote:

> What's the evidence in the "evidently"?
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message
> news:32BD324F-7EF3-4D08-BA29-11F59E9F10E1@microsoft.com...
> >I am trying to determine what is causing all of my W2K servers to be
> >allowing
> > "Null Sessions".
> > I have changed the "restrictanonymous" reg values to 2 and check the local
> > policy settings on the servers per this ms doc:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;246261
> >
> > Evidently something is still causing these servers to respond to "Null
> > Sessions". The Windows 2003 servers that have the same GPO settings do
> > not
> > respond to the Null Session requests?
> >
> > Anyone ever see this before?
> >
> > Thanks!
> > Dan
> >
>
>
>
 
Make sure you have rebooted the server and testing correctly (i.e. receive
the list from Linux system that is not in your domain).

See how it traces in the security log.

And do not cross-post.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message
news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com...
> User list by mapping a null IPS$ session.
>
> "S. Pidgorny <MVP>" wrote:
>
>> What's the evidence in the "evidently"?
>>
 
This could be hackers, Could be a defective samba or regular SMB share...

--

http://www.goldwatches.com/watches.asp?Brand=14
"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uJqRXlexHHA.3536@TK2MSFTNGP03.phx.gbl...
> Make sure you have rebooted the server and testing correctly (i.e. receive
> the list from Linux system that is not in your domain).
>
> See how it traces in the security log.
>
> And do not cross-post.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message
> news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com...
>> User list by mapping a null IPS$ session.
>>
>> "S. Pidgorny <MVP>" wrote:
>>
>>> What's the evidence in the "evidently"?
>>>
>
>
 
Do you have URP1 for Windows 2000 SP4 installed??
Also, couldn't it be using an alternate named pipe for that??




"James Matthews" wrote:

> This could be hackers, Could be a defective samba or regular SMB share...
>
> --
>
> http://www.goldwatches.com/watches.asp?Brand=14
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:uJqRXlexHHA.3536@TK2MSFTNGP03.phx.gbl...
> > Make sure you have rebooted the server and testing correctly (i.e. receive
> > the list from Linux system that is not in your domain).
> >
> > See how it traces in the security log.
> >
> > And do not cross-post.
> >
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >
> > "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message
> > news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com...
> >> User list by mapping a null IPS$ session.
> >>
> >> "S. Pidgorny <MVP>" wrote:
> >>
> >>> What's the evidence in the "evidently"?
 
You must log in or register to reply here.

Similar threads

Y
Do Not Disturb - turn off during OS Build / Post OS Build
Replies
0
Views
21
Yubs_323
Y
A
Announcing Windows 11 Insider Preview Build 22635.3858 (Beta Channel)
Replies
0
Views
10
Amanda Langowski
A
A
Announcing Windows 11 Insider Preview Build 27718 (Canary Channel)
Replies
0
Views
12
Amanda Langowski
A
B
Announcing Windows 11 Insider Preview Build 22621.2338 and 22631.2338 (Beta Channel)
Replies
0
Views
30
Brandon LeBlanc
B
B
Announcing Windows 11 Insider Preview Build 25977 (Canary Channel)
Replies
0
Views
10
Brandon LeBlanc
B
Back
Top