win2003&win2008 disable null sessions

  • Question

  • A null session connection to the IPC$ share was successful. NetBIOS access can be obtained with any authenticated account on this host. Therefore unauthorized users can steal the remote user list. This kind of attack is commonly exploited by users with weak passwords, such as the GUEST account.
    Please note that this QID is posted when QualysGuard is able to enumerate the user-list of a target via the Net* API functions (in which case QID 70003 is posted as well), or when QualysGuard is able to "brute-force" known SIDs via LsarLookupSids (in which case only QID 45003 is posted).
    While both techniques use anonymous NetBIOS sessions, we are unaware of a system-level fix for LsarLookupSids, as Microsoft considers this to be requisite functionality.
    March 12, 2012 2:55
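The scanner finding above is driven by anonymous (null-session) access to IPC$. The script below is an added example, not part of the original post or of any Qualys or Microsoft tooling: it audits the LSA and LanmanServer registry values that control anonymous access on Windows Server 2003/2008 and, with `-Harden`, writes the restrictive values. The "expected" values are assumed baseline hardening settings, and the `NullSessionPipes`/`NullSessionShares` allow-lists are reported rather than cleared because applications may depend on them.

```powershell
# Added example: audit (and optionally harden) null-session settings. Run elevated.
# Assumption: the expected values below are the usual hardening baseline for 2003/2008.
param([switch]$Harden)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# DWORD values that govern anonymous enumeration and null-session access
$checks = @(
    @{ Name='RestrictAnonymous';         Path=$lsa; Want=1; Note='No anonymous enumeration of SAM accounts and shares' },
    @{ Name='RestrictAnonymousSAM';      Path=$lsa; Want=1; Note='No anonymous enumeration of SAM accounts' },
    @{ Name='EveryoneIncludesAnonymous'; Path=$lsa; Want=0; Note='Anonymous logon is not a member of Everyone' },
    @{ Name='RestrictNullSessAccess';    Path=$srv; Want=1; Note='Null sessions limited to the NullSessionPipes/Shares lists' }
)

function Get-AnonymousAccessState {
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $have = if ($item) { $item.($c.Name) } else { $null }
        # An absent value falls back to the OS default; report it as non-compliant
        # so that the hardening run makes the setting explicit.
        [pscustomobject]@{
            Setting   = $c.Name
            Current   = if ($null -eq $have) { '(not set)' } else { $have }
            Expected  = $c.Want
            Compliant = ($have -eq $c.Want)
            Note      = $c.Note
        }
    }
    # The allow-lists matter too: anything listed here stays reachable over a null
    # session even when the DWORDs above are set.
    foreach ($list in 'NullSessionPipes', 'NullSessionShares') {
        $v = (Get-ItemProperty -Path $srv -Name $list -ErrorAction SilentlyContinue).$list
        [pscustomobject]@{
            Setting   = $list
            Current   = if ($v) { $v -join ',' } else { '(empty)' }
            Expected  = '(empty unless an application needs it)'
            Compliant = (-not $v)
            Note      = 'Review each entry; remove those no application requires'
        }
    }
}

Get-AnonymousAccessState | Format-Table -AutoSize

if ($Harden) {
    foreach ($c in $checks) {
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
    }
    Write-Host 'Values written; restart the Server service (or reboot) for LanmanServer changes to take effect.'
}
```

Re-run the Qualys scan afterwards; as the finding notes, SID lookups via LsarLookupSids may still be reported even when user-list enumeration through the Net* APIs is blocked.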