Guest Dan Moesch Posted July 13, 2007 Posted July 13, 2007 I am trying to determine what is causing all of my W2K servers to be allowing "Null Sessions". I have changed the "restrictanonymous" reg values to 2 and check the local policy settings on the servers per this ms doc: http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261 Evidently something is still causing these servers to respond to "Null Sessions". The Windows 2003 servers that have the same GPO settings do not respond to the Null Session requests? Anyone ever see this before? Thanks! Dan Quote
Guest S. Pidgorny Posted July 14, 2007 Posted July 14, 2007 What's the evidence in the "evidently"? -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- * http://sl.mvps.org * http://msmvps.com/blogs/sp * "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message news:32BD324F-7EF3-4D08-BA29-11F59E9F10E1@microsoft.com... >I am trying to determine what is causing all of my W2K servers to be >allowing > "Null Sessions". > I have changed the "restrictanonymous" reg values to 2 and check the local > policy settings on the servers per this ms doc: > http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261 > > Evidently something is still causing these servers to respond to "Null > Sessions". The Windows 2003 servers that have the same GPO settings do > not > respond to the Null Session requests? > > Anyone ever see this before? > > Thanks! > Dan > Quote
Guest Dan Moesch Posted July 14, 2007 Posted July 14, 2007 User list by mapping a null IPS$ session. "S. Pidgorny <MVP>" wrote: > What's the evidence in the "evidently"? > > -- > Svyatoslav Pidgorny, MS MVP - Security, MCSE > -= F1 is the key =- > > * http://sl.mvps.org * http://msmvps.com/blogs/sp * > > "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message > news:32BD324F-7EF3-4D08-BA29-11F59E9F10E1@microsoft.com... > >I am trying to determine what is causing all of my W2K servers to be > >allowing > > "Null Sessions". > > I have changed the "restrictanonymous" reg values to 2 and check the local > > policy settings on the servers per this ms doc: > > http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261 > > > > Evidently something is still causing these servers to respond to "Null > > Sessions". The Windows 2003 servers that have the same GPO settings do > > not > > respond to the Null Session requests? > > > > Anyone ever see this before? > > > > Thanks! > > Dan > > > > > Quote
Guest S. Pidgorny Posted July 14, 2007 Posted July 14, 2007 Make sure you have rebooted the server and testing correctly (i.e. receive the list from Linux system that is not in your domain). See how it traces in the security log. And do not cross-post. -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- * http://sl.mvps.org * http://msmvps.com/blogs/sp * "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com... > User list by mapping a null IPS$ session. > > "S. Pidgorny <MVP>" wrote: > >> What's the evidence in the "evidently"? >> Quote
Guest James Matthews Posted July 20, 2007 Posted July 20, 2007 This could be hackers, Could be a defective samba or regular SMB share... -- http://www.goldwatches.com/watches.asp?Brand=14 "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message news:uJqRXlexHHA.3536@TK2MSFTNGP03.phx.gbl... > Make sure you have rebooted the server and testing correctly (i.e. receive > the list from Linux system that is not in your domain). > > See how it traces in the security log. > > And do not cross-post. > > -- > Svyatoslav Pidgorny, MS MVP - Security, MCSE > -= F1 is the key =- > > * http://sl.mvps.org * http://msmvps.com/blogs/sp * > > "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message > news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com... >> User list by mapping a null IPS$ session. >> >> "S. Pidgorny <MVP>" wrote: >> >>> What's the evidence in the "evidently"? >>> > > Quote
Guest Nuno Mota Posted July 20, 2007 Posted July 20, 2007 Do you have URP1 for Windows 2000 SP4 installed?? Also, couldn't it be using an alternate named pipe for that?? "James Matthews" wrote: > This could be hackers, Could be a defective samba or regular SMB share... > > -- > > http://www.goldwatches.com/watches.asp?Brand=14 > "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message > news:uJqRXlexHHA.3536@TK2MSFTNGP03.phx.gbl... > > Make sure you have rebooted the server and testing correctly (i.e. receive > > the list from Linux system that is not in your domain). > > > > See how it traces in the security log. > > > > And do not cross-post. > > > > -- > > Svyatoslav Pidgorny, MS MVP - Security, MCSE > > -= F1 is the key =- > > > > * http://sl.mvps.org * http://msmvps.com/blogs/sp * > > > > "Dan Moesch" <DanMoesch@discussions.microsoft.com> wrote in message > > news:B17C6998-2117-4A19-9055-6924A0E13446@microsoft.com... > >> User list by mapping a null IPS$ session. > >> > >> "S. Pidgorny <MVP>" wrote: > >> > >>> What's the evidence in the "evidently"? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.