Solved

Setup ACL for LDAP Null Base on Windows 2000

Posted on 2002-07-25
2
193 Views
Last Modified: 2013-12-19
I ran ISS on one of my servers and got the following:

LDAP NullBase: LDAP null base returns information
If LDAP allows NULL base in an LDAP search, a user can submit a search that returns information on namingContexts and supported controls.  An attacker could use this information to access directory listings and plan further attacks.

Remedy:  Set up an access list control to prevent users from dumping the base of the tree or issuing a request without knowing the base object.

My question is where and how do I do this and will it adversely affect my clients (they are 98 & 2000).

Thanks.

Please also see my question regarding inverse queries on 2k dns.
0
Comment
Question by:robinsonbpc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 200 total points
ID: 7177420
This vulnerablity exists if your AD is in Mixed mode.  Downlevel clients (Win 9x, NT 4.0) need to be able to make AD/LDAP queries as null/anonymous.  
0
 
LVL 1

Author Comment

by:robinsonbpc
ID: 7193612
Thank you for your help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question