NT Null Sessions

SgtB

IS-IT--Management
Oct 3, 2002
447
US
Well, I put up a Snort sensor on our switch that has all our servers. I started logging NT Null Sessions all over the place. These are mainly directed at our domain controllers, connecting to the IPC$ share. There are others, however, that are attempting to connect to other shares on servers, and some client machines.
My understanding of a NULL session would be that the source does not give a hostname or password when trying to connect. Correct? Either way, what do you think this traffic would mean? Again, about 90% of these packets are directed at domain controllers going to the IPC$ share, while the other 10% are connecting to seemingly random shares on other machines.

I'll see your DMCA and raise you a First Amendment.
 
Never mind...
DC to DC conversations happen over null sessions. Disabling them would cripple a domain. Client to client null sessions? Domain authentication/printing perhaps?
You can restrict anonymous (null) authentication through the registry.

Just thought I'd relay my findings!

Baselining IDS is no fun! Too many false positives!

I'll see your DMCA and raise you a First Amendment.
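
One way to baseline the alerts discussed in this thread, as an added example that is not part of the original posts: it sorts Snort fast-format null-session alerts into DC-to-DC, member-to-DC and other traffic so only the remainder needs review. The domain controller addresses, the subnet, and the sample alert lines (including their sid values) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (hypothetical values): the site's DC addresses and server subnet.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
SERVER_NET = ipaddress.ip_network("10.0.0.0/24")
# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)

def classify(line):
    """Return (bucket, src, dst) for a null-session alert, else None."""
    m = ALERT_RE.search(line)
    if not m or "null session" not in m["msg"].lower():
        return None
    src, dst = m["src"], m["dst"]
    if src in DOMAIN_CONTROLLERS and dst in DOMAIN_CONTROLLERS:
        bucket = "dc-to-dc"         # the DC-to-DC conversations noted in the thread
    elif dst in DOMAIN_CONTROLLERS:
        bucket = "member-to-dc"     # IPC$ connections to a DC: baseline per source
    elif ipaddress.ip_address(src) not in SERVER_NET:
        bucket = "outside-to-host"  # source outside the monitored subnet: review first
    else:
        bucket = "host-to-host"     # the "other shares" group: review per pair
    return bucket, src, dst

def summarize(lines):
    """Count alerts per bucket, and per (src, dst) pair for buckets needing review."""
    buckets, review = Counter(), Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            buckets[hit[0]] += 1
            if hit[0] in ("host-to-host", "outside-to-host"):
                review[hit[1:]] += 1
    return buckets, review

_FMT = "10/03-14:22:0{} [**] [1:{}] {} [**] [Priority: 2] {{TCP}} {}:1045 -> {}:139"
N = ("530:7", "NETBIOS NT NULL session")  # SAMPLE below holds constructed alerts
SAMPLE = [_FMT.format(i, *row) for i, row in enumerate([
    N + ("10.0.0.10", "10.0.0.11"), N + ("10.0.0.11", "10.0.0.10"),
    N + ("10.0.0.25", "10.0.0.10"), N + ("10.0.0.25", "10.0.0.40"),
    N + ("192.168.5.7", "10.0.0.40"),
    ("1000001:1", "Constructed unrelated alert", "10.0.0.25", "10.0.0.10"),
])]
if __name__ == "__main__":
    print(*map(dict, summarize(SAMPLE)))
```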
 