The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.
One of a set of tools we're offering as a way of saying thank you for being a part of the community.
Null Session/Anonymous Logons
I ran a network security vulnerability scan against a Windows 2000 DC. One of the vulnerabilities obtained was the "null session", but the most worrisome thing was that it listed all accounts name with same password as the logon name, and reverse logon name. As I know the passwords on w2000 server are encrypted and the question is how could is possible to find out the above mentioned passwords and it means that the passwords for the other accounts are vulnerable in spite of encryption. And another question, what kind of services or applications would be affected if I close the null session? I know it must be tested but kind of experience in dealing with this issue would be very helpful.
Thank you
Thank you
Who is Participating?
LVL 15
For DCS, you should put a value of 1 and the replication will not be affected.. I know of no application that uses null sessions btw.. I've never heard of anyone having problem with the disabling of null session capabilities on their network..
Using Dictionnary attack / Brute force, I can find 80% of the passwords in a 120 users domain btw in about 1 hours.. the only protection against that would be to enable the "force strong password" policy..
Use Registry Editor to find the following registry key, and then add
(or modify) the following value
HKEY_LOCAL_MACHINE\SYSTEM\
Value: RestrictAnonymous
Value Type: REG_DWORD
Value Data: 0x2 (Hex)
RestrictAnonymous is set by changing the registry key to 0 or 1 for
Windows NT 4.0 or to 0, 1, or 2 for Windows 2000. These numbers
correspond to the following settings:
0 None. Rely on default permissions (ie. allow Null Session
1 Do not allow enumeration of SAM accounts and names
2 No access without explicit anonymous permissions
Here, my setup is at 1, because of some application, and it'S better then 0..
(or modify) the following value
HKEY_LOCAL_MACHINE\SYSTEM\
Value: RestrictAnonymous
Value Type: REG_DWORD
Value Data: 0x2 (Hex)
RestrictAnonymous is set by changing the registry key to 0 or 1 for
Windows NT 4.0 or to 0, 1, or 2 for Windows 2000. These numbers
correspond to the following settings:
0 None. Rely on default permissions (ie. allow Null Session
1 Do not allow enumeration of SAM accounts and names
2 No access without explicit anonymous permissions
Here, my setup is at 1, because of some application, and it'S better then 0..
The problem with putting 2 btw was with our exchange server, apart from that, everything was running fine with it.. there is no danger putting it to 2.. after, you can always get it back to 1 if something stops working.
Interesting read about this vulnerability and windows system:
http://ist.uwaterloo.ca/security/vulnerable/20030807.note
http://ist.uwaterloo.ca/security/vulnerable/20030807.note
"BEWARE -- We understand that Windows 2000 Domain Controllers should set the
value to 1 (not 2) if they manage a mixed environment -- eg. if they have
any trust relationships with NT4 Domains"
value to 1 (not 2) if they manage a mixed environment -- eg. if they have
any trust relationships with NT4 Domains"
I went through Microsoft KB articles 143474 and 246261 which tell how to change the settings for null session, this is no my concern, but because my network runs multtiple applications I am concerned of the impact of disabling null session
We also run multiple application, including exchange, Intranet, and lots of other, and didnt run in any problem. If you application are home made, you should know if they are using null authentification. I doubt it will affect how your application are working with a value of 1...
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
