?
Solved

Setup ACL for LDAP Null Base on Windows 2000

Posted on 2002-07-25
2
Medium Priority
?
197 Views
Last Modified: 2013-12-19
I ran ISS on one of my servers and got the following:

LDAP NullBase: LDAP null base returns information
If LDAP allows NULL base in an LDAP search, a user can submit a search that returns information on namingContexts and supported controls.  An attacker could use this information to access directory listings and plan further attacks.

Remedy:  Set up an access list control to prevent users from dumping the base of the tree or issuing a request without knowing the base object.

My question is where and how do I do this and will it adversely affect my clients (they are 98 & 2000).

Thanks.

Please also see my question regarding inverse queries on 2k dns.
0
Comment
Question by:robinsonbpc
2 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 800 total points
ID: 7177420
This vulnerablity exists if your AD is in Mixed mode.  Downlevel clients (Win 9x, NT 4.0) need to be able to make AD/LDAP queries as null/anonymous.  
0
 
LVL 1

Author Comment

by:robinsonbpc
ID: 7193612
Thank you for your help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question