abduljavid at motorola.com
Wed Jul 30 20:01:56 GMT 2003
Thanks a bunch for your email response, really appreciate it.
I think the scanner scans for all vulnerabilities, including the one that I am interested in, "NULL SESSION".
Does Samba 3.0 restrict null sessions?
What are the implications of using restrict anonymous = true? (My server is not a DC; it's a member server in an AD domain, which provides nfs shares to win2k clients.)
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, July 29, 2003 5:09 PM
To: Javid Abdul-AJAVID1
Cc: 'Andrew Bartlett'; Multiple recipients of list SAMBA-TECHNICAL
Subject: RE: nt-netbios-nullsession
On Wed, 2003-07-30 at 00:32, Javid Abdul-AJAVID1 wrote:
> Is there any way, any parameter (2.2.8a) I can use to block null
> username (anonymous) passwords to remedy the ISS scans?
Not that I know of - you could start playing real silly buggers with the IPC$ share name, (set guest ok = no on that share) but there is nothing intentional.
Samba 3.0 adds the ability to easily restrict such access, as detailed in Samba 2.2.
If your security policy is based on 'what the scanner told me' then it's a pretty sad 'security' policy... (If the box is not a DC, it has not got that much information to give away, even if it wanted to)
Why not add a hosts deny for the host scanning you? ;-)
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net