SMB enumation in Win2000/03

["Stephen C. Gay" <sgay () ellijay com>]

Hello,

I am having difficulity locking down a couple of Windows Server 2003 domain
controllers. I have locked down anonymous connections, per the Microsoft
instructions and the servers are fully patched. Even with these measures, I
can use tools like "enum" (Razor) or "hunt" (Foundstone) and harvest the
user list from an unauthenicated workstation (directing the tools to a
domain controller). I am no longer able to get the share list, just the
users. 

The only way I have sucessfully stopped the vulnerability is by removal of
File and Print Sharing on the 2 Doamin Controllers, but then I cannot add a
workstation to the domain. 

If anyone could offer any suggestions I would be most grateful, as I'm
running out of ideas.

Thank you,
Stephen Gay
sgay () ellijay com


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------