Javid Abdul-AJAVID1 abduljavid at motorola.com
Wed Jul 30 20:01:56 GMT 2003

Thanks a bunch for your email response, really appreciate it.

I think the scanner scans for all vulnerabilities, including the one that I am interested in, "NULL SESSION".

Does Samba 3.0 restrict null sessions?

What are the implications of using restrict anonymous = true? (My server is not a DC; it's a member server in an AD domain, which provides nfs shares to win2k clients.)


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, July 29, 2003 5:09 PM
To: Javid Abdul-AJAVID1
Cc: 'Andrew Bartlett'; Multiple recipients of list SAMBA-TECHNICAL
Subject: RE: nt-netbios-nullsession

On Wed, 2003-07-30 at 00:32, Javid Abdul-AJAVID1 wrote:
> Is there any way, any parameter (2.2.8a) I can use to block null 
> username (anonymous) passwords to remedy the ISS scans.

Not that I know of - you could start playing real silly buggers with the IPC$ share name, (set guest ok = no on that share) but there is nothing intentional.

Samba 3.0 adds the ability to easily restrict such access, as detailed in Samba 2.2.  

If your security policy is based on 'what the scanner told me' then it's a pretty sad 'security' policy...  (If the box is not a DC, it has not got that much information to give away, even if it wanted to)

Why not add a hosts deny for the host scanning you? ;-)

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
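
An added example, not part of the thread and not Samba project code: a small Python check that reads an smb.conf and reports the settings discussed above (restrict anonymous, guest ok on IPC$ or other shares, hosts allow / hosts deny). The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample smb.conf for illustration (not taken from the thread).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; restrict anonymous = 2

[IPC$]
   Guest OK = yes

[data]
   path = /srv/data
   guest ok = no
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are lowercased with spaces
    removed, because smb.conf ignores case and whitespace in them."""
    conf, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            conf.setdefault(section, {})[key] = value.strip()
    return conf

def audit_anonymous_access(text):
    """Report the settings named in the thread that affect anonymous access."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    # Unset defaults to unrestricted; 2.2 takes a boolean, 3.0 takes 0/1/2.
    if glob.get("restrictanonymous", "0").lower() in {"0", "no", "false"}:
        findings.append("global: restrict anonymous is unset or off")
    if "hostsallow" not in glob and "hostsdeny" not in glob:
        findings.append("global: no hosts allow / hosts deny filter")
    for name, params in conf.items():
        if params.get("guestok", "no").lower() in {"yes", "true", "1"}:
            findings.append("[%s]: guest ok is enabled" % name)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_anonymous_access(SAMPLE_CONF)))
```
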
