Security Basics mailing list archives

RE: Update: SMB enumeration in Win2000/03


From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Sat, 14 Feb 2004 09:13:40 -0600

Stephen,

Apparently, Hacking Exposed: Windows Server 2003 is out.  It deals with your
problem (and, soon to be mine) in Chapter 4: Enumeration [1].  Unfortunately,
though, Table 4-5, which apparently lists the settings we'll want to use, is
not available from the link below, and I have not purchased a copy of the
book - yet.

The information specific to your issue can be found by searching the string
'Configuring "Network Access" in Security Policy'.

Alternatively, if you haven't already, you could read through the Windows
Server 2003 Security guide [2].  Chapter 4 deals with hardening domain
controllers.

I'd look through it, but it's snowing in North Texas for once, and my son
has a snowball fight coming ...

Best of luck.

Joey Peloquin

[1] http://216.239.37.104/search?q=cache:DwR16jOiPdYJ:www.osborne.com/products/0072230614/0072230614_ch04.pdf+%22windows+server+2003%22+smb+enumeration+enum&hl=en&lr=lang_en&ie=UTF-8
[2] http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/win2003/w2003hg/sgch00.asp

-----Original Message-----
From: Stephen C. Gay [mailto:sgay () ellijay com] 
Sent: Wednesday, February 11, 2004 9:05 PM
To: security-basics () securityfocus com
Subject: Update: SMB enumeration in Win2000/03


Quick update on my user enumeration dilemma,

On a pure Windows 2000 domain I was able to set the Restrict 
Anonymous Reg key to the dreaded "2" and stop the user list 
enumeration. Enum, net use, and hunt all three fail on 
anonymous bind. 

This is not the case in the Win Server 2003 environment. I 
can still get the users. I am beginning to think this may be 
based on a trust relationship between the Win Svr 2003 domain 
and a Kerberos realm.

Stephen 
[...]

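As an added example (not part of the original messages, and not from the book or guide they cite), a read-only PowerShell audit of the anonymous-access settings the thread is about: the RestrictAnonymous family under the Lsa key, the null-session lists on the Server service, and the "Network access: Allow anonymous SID/Name translation" policy. The registry value names and the `LSAAnonymousNameLookup` key in a `secedit` export are standard Windows names; the pass conditions are an assumed baseline for illustration, and the `secedit` step needs an elevated prompt.

```powershell
# Added example: read-only audit of anonymous-access settings on the local host.
# Pass conditions are an assumed baseline, not values taken from the thread.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Ok = { param($v) $v -ge 1 } }
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Ok = { param($v) $v -eq 1 } }
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Ok = { param($v) $v -eq 0 } }
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Ok = { param($v) $v -eq 1 } }
)

$report = New-Object System.Collections.Generic.List[object]

foreach ($c in $checks) {
    $value = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $value) {
        # Missing value: the OS default applies, so flag it for manual review.
        $shown = '<not set>'; $pass = $false
    } else {
        $shown = $value; $pass = [bool](& $c.Ok $value)
    }
    $report.Add([pscustomobject]@{ Setting = $c.Name; Value = $shown; Pass = $pass })
}

# Pipes and shares that accept null sessions; an empty list is the strictest state.
foreach ($name in 'NullSessionPipes', 'NullSessionShares') {
    $raw  = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).$name
    $list = @($raw | Where-Object { $_ })
    $report.Add([pscustomobject]@{
        Setting = $name; Value = ($list -join ', '); Pass = ($list.Count -eq 0) })
}

# Anonymous SID/Name translation is not a plain registry value, so export the
# local security policy and read it from there (0 = disabled).
$inf = Join-Path $env:TEMP 'anon-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY /quiet
$hit = Select-String -Path $inf -Pattern '^LSAAnonymousNameLookup\s*=\s*(\d+)'
if ($hit) {
    $v = [int]$hit.Matches[0].Groups[1].Value
    $report.Add([pscustomobject]@{
        Setting = 'LSAAnonymousNameLookup'; Value = $v; Pass = ($v -eq 0) })
}
Remove-Item $inf -ErrorAction SilentlyContinue

$report | Format-Table -AutoSize
```

On a domain controller, run it against the effective policy after Group Policy has applied, since domain-level GPOs can override what is set locally.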
