Setup ACL for LDAP Null Base on Windows 2000
Posted on 2002-07-25
I ran ISS on one of my servers and got the following:
LDAP NullBase: LDAP null base returns information
If LDAP allows NULL base in an LDAP search, a user can submit a search that returns information on namingContexts and supported controls. An attacker could use this information to access directory listings and plan further attacks.
Remedy: Set up an access list control to prevent users from dumping the base of the tree or issuing a request without knowing the base object.
My question is where and how do I do this, and will it adversely affect my clients (they are 98 & 2000)?
Please also see my question regarding inverse queries on 2k DNS.
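To see what the scanner finding quoted above covers on a given server, the following added example (not part of the original post and not ISS code) parses the LDIF returned by an anonymous base-scope search with an empty base DN and lists the namingContexts and supportedControl values it exposed. The sample LDIF, its domain names and the function names are constructed for illustration.

```python
import base64

# Attributes named in the "LDAP NullBase" finding text (compared lowercased).
AUDITED = ("namingcontexts", "supportedcontrol")

# Constructed sample: LDIF from a null-base (empty base DN) search.
# Values are made up; it includes a folded line and a base64 ("::") value.
_B64 = base64.b64encode(b"CN=Schema,DC=example,DC=test").decode()
SAMPLE_LDIF = (
    "dn:\n"
    "namingContexts: DC=example,DC=test\n"
    "namingContexts: CN=Configuration,DC=exam\n"
    " ple,DC=test\n"
    f"namingContexts:: {_B64}\n"
    "supportedControl: 1.2.840.113556.1.4.319\n"
    "supportedLDAPVersion: 3\n"
)

def unfold(ldif):
    """Join LDIF continuation lines (lines starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if l and not l.startswith("#")]

def parse_rootdse(ldif):
    """Return {lowercased attribute: [values]} for one entry."""
    entry = {}
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def nullbase_exposure(ldif):
    """Audited attributes (and values) that the null-base search returned."""
    entry = parse_rootdse(ldif)
    return {attr: entry[attr] for attr in AUDITED if entry.get(attr)}

if __name__ == "__main__":
    print(nullbase_exposure(SAMPLE_LDIF))
```

An empty result from `nullbase_exposure` on output collected after an access-control change indicates the server no longer returns those attributes to that bind.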