Security Basics mailing list archives
SMB enumation in Win2000/03
From: "Stephen C. Gay" <sgay () ellijay com>
Date: Wed, 11 Feb 2004 21:28:10 -0500
Hello, I am having difficulity locking down a couple of Windows Server 2003 domain controllers. I have locked down anonymous connections, per the Microsoft instructions and the servers are fully patched. Even with these measures, I can use tools like "enum" (Razor) or "hunt" (Foundstone) and harvest the user list from an unauthenicated workstation (directing the tools to a domain controller). I am no longer able to get the share list, just the users. The only way I have sucessfully stopped the vulnerability is by removal of File and Print Sharing on the 2 Doamin Controllers, but then I cannot add a workstation to the domain. If anyone could offer any suggestions I would be most grateful, as I'm running out of ideas. Thank you, Stephen Gay sgay () ellijay com --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- SMB enumation in Win2000/03 Stephen C. Gay (Feb 12)
- <Possible follow-ups>
- RE: SMB enumation in Win2000/03 Gene LeDuc (Feb 13)