VID 28014
Severity 20
Port 137,138,139
Protocol TCP
Class SMB
Detailed Description The remote host appears to be a Backup Domain Controller. This can be determined from the value of the registry key ProductType under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions.
This knowledge may be of some use to a cracker and help him to focus his attack on this host.

* Platforms Affected:
Microsoft Windows, any version
Recommendation To prevent the listing of shares from being obtained via a null session, you should have tight login restrictions, so that only trusted users can access your host, and/or filter incoming traffic to certain ports (137/tcp|udp, 138/udp, 139/tcp, 445/tcp) at the gateway of your networks.
To restrict anonymous connections in Windows, follow these steps:

For Windows NT:
1. Open Registry Editor: from the Windows NT Start menu, select Run and type regedt32.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA.
3. Double-click the "RestrictAnonymous" key and, in the Data field, type 1.
4. Double-click the "LMCompatibilityLevel" key and, in the Data field, type 0.
5. Close Registry Editor and reboot the system to apply the changes.

For Windows 2000:
1. Open Registry Editor: from the Windows 2000 Start menu, select Run and type regedt32.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA.
3. Double-click the "RestrictAnonymous" key and, in the Data field, type 2.
4. Double-click the "LMCompatibilityLevel" key and, in the Data field, type 0.
5. Close Registry Editor and reboot the system to apply the changes.
Related URL 1325 (ISS)