Windows network risks - NetBIOS, SMB and null sessions


One of the biggest information-leakage risks affecting Windows computers is the Windows network itself, and the protocols used to share files and printers among computers on a local Windows network, particularly SMB and NetBIOS, which take advantage of default hidden shares. Here we describe a discovery technique known as null sessions, which can provide in-depth information about a remote computer that can then be used to compromise it and take control of it.

The Windows network implementation has a specific interface that can be queried over TCP/IP ports 139 and 445. The problem exists on many Windows installations because the default security configuration allows it. The first step an attacker would take is to perform a TCP scan of your Windows computer. If it is improperly protected, your computer may have these ports open, and they may expose a lot of information through the so-called null session technique. The attacker opens a communication channel through these ports as an anonymous user with a null password; this channel can then be used with the SMB and NetBIOS protocols to obtain additional information about your computer, such as network information, users and groups, shares, registry values and so on.

The most effective way to protect your computer against null session attacks is to block ports 139 and 445 (TCP/UDP) on your computer. This leaves the attacker with no way to connect to the ports, so they cannot perform such queries, and your security configuration is significantly improved. But there is more you can do. The best way to protect yourself from this problem is to disable access to SMB information on your computer by restricting anonymous connections through the security options accessible from Control Panel – Administrative Tools – Local Security Policy. Once it is open, go to Local Policy – Security options and look for an entry called "Additional restrictions for anonymous connections". Set this entry to the most secure setting, which is "No access without explicit anonymous permissions". You may need to reboot the computer after changing this value for it to take full effect. After that, when an attacker again attempts to connect to your computer and harvest information with this method, they will receive an access denied error and no further information will be disclosed. But once again, blocking access to ports 139 and 445 will protect your computer from this problem, which can otherwise be used to acquire additional information about your computer and, in the end, take control of it.
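
A read-only audit of both mitigations on the local machine, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (for the `Get-NetTCPConnection` and `Get-NetFirewallRule` cmdlets) and an elevated prompt; the function names are hypothetical, and the policy wording is the one this page uses, which is stored in the `RestrictAnonymous` value under the LSA registry key.

```powershell
# Added example: read-only audit of null-session exposure on the local machine.
function Get-RestrictAnonymousLevel {
    # Translate the RestrictAnonymous registry value into the policy wording
    # used on this page ("Additional restrictions for anonymous connections").
    param($Value)
    if ($null -eq $Value) { return 'Value not set' }
    switch ([int]$Value) {
        0       { 'None. Rely on default permissions' }
        1       { 'Do not allow enumeration of SAM accounts and shares' }
        2       { 'No access without explicit anonymous permissions' }
        default { "Unexpected value $Value" }
    }
}

function Test-NullSessionExposure {
    # Registry value behind the Local Security Policy entry.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $ra = (Get-ItemProperty -Path $lsaKey -Name RestrictAnonymous `
            -ErrorAction SilentlyContinue).RestrictAnonymous

    # Is anything listening on the NetBIOS session (139) or SMB (445) port?
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort 139, 445 `
            -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

    # Enabled inbound Allow rules that name TCP 139 or 445 explicitly.
    # Rules that cover the ports through a range or "Any" are not matched here.
    $allowRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and
                (@($filter.LocalPort) -contains '139' -or @($filter.LocalPort) -contains '445')
        } | Select-Object -ExpandProperty DisplayName)

    [pscustomobject]@{
        RestrictAnonymous      = $ra
        PolicySetting          = Get-RestrictAnonymousLevel $ra
        PageRecommendedSetting = ($ra -eq 2)   # the setting this page recommends
        ListeningPorts         = $listening
        InboundAllowRules      = $allowRules
    }
}

Test-NullSessionExposure | Format-List
```

An empty `ListeningPorts` or an empty `InboundAllowRules` list corresponds to the port-blocking mitigation; `PageRecommendedSetting` shows whether the anonymous-connection policy is at the value recommended above.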
