Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
COURSE of the MONTH
12 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Null Session/Anonymous Logons
Posted on 2004-09-24
I ran a network security vulnerability scan against a Windows 2000 DC. One of the vulnerabilities obtained was the "null session", but the most worrisome thing was that it listed all accounts name with same password as the logon name, and reverse logon name. As I know the passwords on w2000 server are encrypted and the question is how could is possible to find out the above mentioned passwords and it means that the passwords for the other accounts are vulnerable in spite of encryption. And another question, what kind of services or applications would be affected if I close the null session? I know it must be tested but kind of experience in dealing with this issue would be very helpful.
Thank you
Thank you
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
8
-
4
14 Comments
Using Dictionnary attack / Brute force, I can find 80% of the passwords in a 120 users domain btw in about 1 hours.. the only protection against that would be to enable the "force strong password" policy..
Use Registry Editor to find the following registry key, and then add
(or modify) the following value
HKEY_LOCAL_MACHINE\SYSTEM\
Value: RestrictAnonymous
Value Type: REG_DWORD
Value Data: 0x2 (Hex)
RestrictAnonymous is set by changing the registry key to 0 or 1 for
Windows NT 4.0 or to 0, 1, or 2 for Windows 2000. These numbers
correspond to the following settings:
0 None. Rely on default permissions (ie. allow Null Session
1 Do not allow enumeration of SAM accounts and names
2 No access without explicit anonymous permissions
Here, my setup is at 1, because of some application, and it'S better then 0..
(or modify) the following value
HKEY_LOCAL_MACHINE\SYSTEM\
Value: RestrictAnonymous
Value Type: REG_DWORD
Value Data: 0x2 (Hex)
RestrictAnonymous is set by changing the registry key to 0 or 1 for
Windows NT 4.0 or to 0, 1, or 2 for Windows 2000. These numbers
correspond to the following settings:
0 None. Rely on default permissions (ie. allow Null Session
1 Do not allow enumeration of SAM accounts and names
2 No access without explicit anonymous permissions
Here, my setup is at 1, because of some application, and it'S better then 0..
The problem with putting 2 btw was with our exchange server, apart from that, everything was running fine with it.. there is no danger putting it to 2.. after, you can always get it back to 1 if something stops working.
Interesting read about this vulnerability and windows system:
http://ist.uwaterloo.ca/security/vulnerable/20030807.note
http://ist.uwaterloo.ca/security/vulnerable/20030807.note
"BEWARE -- We understand that Windows 2000 Domain Controllers should set the
value to 1 (not 2) if they manage a mixed environment -- eg. if they have
any trust relationships with NT4 Domains"
value to 1 (not 2) if they manage a mixed environment -- eg. if they have
any trust relationships with NT4 Domains"
I went through Microsoft KB articles 143474 and 246261 which tell how to change the settings for null session, this is no my concern, but because my network runs multtiple applications I am concerned of the impact of disabling null session
We also run multiple application, including exchange, Intranet, and lots of other, and didnt run in any problem. If you application are home made, you should know if they are using null authentification. I doubt it will affect how your application are working with a value of 1...
It's rather a business network. The replication services between DCs will be afected? What applications are using null session?
Featured Post
Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device.
In simple terms a gateway is formed when a computer such as a serv…
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account
Challenge
The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
How to fix incompatible JVM issue while installing Eclipse
While installing Eclipse in windows, got one error like above and unable to proceed with the installation.
This video describes how to successfully install Eclipse.
How to solve incompa…
Suggested Courses
Course of the Month12 days, 11 hours left to enroll
777 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.