nt-netbios-nullsession

Andrew Bartlett abartlet at samba.org
Tue Jul 29 22:09:14 GMT 2003


On Wed, 2003-07-30 at 00:32, Javid Abdul-AJAVID1 wrote:
> Is there any way , any parameter (2.2.8a) I can use to block null username ( anonymous ) passwords to remedy the ISS scans.

Not that I know of - you could start playing real silly buggers with the
IPC$ share name, (set guest ok = no on that share) but there is nothing
intentional.

Samba 3.0 adds the ability to easily restrict such access, as detailed
in Samba 2.2.  

If your security policy is based on 'what the scanner told me' then it's
a pretty sad 'security' policy...  (If the box is not a DC, it has not
got that much information to give away, even if it wanted to)

Why not add a hosts deny for the host scanning you? ;-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030729/dc5934c7/attachment.bin


More information about the samba-technical mailing list