Penetration Testing mailing list archives

RE: 2 in 1: Vmware Limitations / Null Sessions


From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 9 Feb 2006 16:35:27 -0500

-----Original Message-----
Subject: 2 in 1: Vmware Limitations / Null Sessions

1) Vmware-related: When running an image of an OS on windows XP SP2, does it suffer from the limitations of the Host OS? I.e - Am I anonymous when running Anonym.OS's image on VMWare on Win XP SP2? - Do I have raw sockets problems when scanning off a Linux image again on VMWare Win XP?

As far as being 'anonymous' on a network, I don't buy it.  There are still
plenty of ways of discovering and analyzing a machine running Anonym.OS.
Also, no, your XP interfaces will still show up as XP on the local network.
It will look like two machines to the untrained eye - one running XP on the
native Windows interface, the other running Anonym.OS on the VMnic0
interface.  However, anybody with access to the switch you're on will be
able to tell that it's really one device.

As far as raw socket access through VMWare on XP, it should work just fine.
Specifically, XP SP2 will not prevent a VM OS from using raw sockets.  I
suppose you could run into compatibility issues along the way, but generally
speaking it works.


2) Null Sessions-related: Bit of history for those of you unfamiliar. Null sessions have been enabled by default in pre-XP SP1 systems; to disable you have to make a small registry change. In XP SP2 and Windows Server 2003 they are disabled by default, with the EXCEPTION of domain controllers. The real question is:
- Would disabling null sessions in a domain controller cause functionality problems?
- If it doesn't cause problems, how do I disable them? Is it the same ol' 'RestrictAnonymous==1'??

As to whether or not this will break stuff, it probably won't, but that all
depends on what your clients are used to.  If all clients are members of the
AD domain, you shouldn't notice any difference.  If your clients are in
'workgroup mode' or you regularly provide access to machines that belong to
other AD domains, then you may experience problems.

As far as disabling it, yes, RestrictAnonymous, or Local/Group Security
Policy (it's all the same).  Note that starting in 2000 there is also a '2'
value that not only prevents anonymous enumeration of accounts and shares,
it essentially prevents any anonymous access at all.  If all concerned are
members of the same AD domain, this is the recommended setting.  1 is really
there for backward compatibility to NT4 domains and clients.

PaulM
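As an added illustration of the RestrictAnonymous discussion above (this is not Paul's code, nor anything from the original thread), the following PowerShell script reads the LSA anonymous-access values on the local machine, reports which of the 0/1/2 meanings described in the reply applies, and flags whether the box is a domain controller so the "will it break stuff" question can be answered before anything is changed. It assumes it runs in an elevated session on the machine being checked. The registry path and the value names RestrictAnonymous, RestrictAnonymousSAM and EveryoneIncludesAnonymous are the standard LSA ones; the latter two are not mentioned in the post and are included only because they govern the same anonymous-access behaviour. The function names are my own.

```powershell
# Added example, not part of the original mailing-list post.
# Assumes an elevated PowerShell session on the host being audited.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Meaning of each RestrictAnonymous value as described in the thread:
# 0 = null sessions allowed, 1 = no anonymous enumeration of accounts/shares
# (NT4-compatible), 2 = essentially no anonymous access at all.
$RestrictAnonymousMeaning = @{
    0 = 'Null sessions permitted (pre-XP SP1 default)'
    1 = 'Anonymous enumeration of accounts and shares blocked (NT4-compatible)'
    2 = 'Anonymous access blocked entirely'
}

function Get-NullSessionPosture {
    [CmdletBinding()]
    param([string]$Path = $LsaKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A value that is absent from the key behaves like 0, so report it that way
    # rather than as "unknown".
    $ra    = if ($null -ne $props.RestrictAnonymous)    { [int]$props.RestrictAnonymous }    else { 0 }
    $raSam = if ($null -ne $props.RestrictAnonymousSAM) { [int]$props.RestrictAnonymousSAM } else { 0 }
    $anon  = if ($null -ne $props.EveryoneIncludesAnonymous) { [int]$props.EveryoneIncludesAnonymous } else { 0 }

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $isDC = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        IsDomainController        = $isDC
        RestrictAnonymous         = $ra
        RestrictAnonymousMeaning  = $RestrictAnonymousMeaning[$ra]
        RestrictAnonymousSAM      = $raSam
        EveryoneIncludesAnonymous = $anon
        # The posture Paul recommends when everything lives in one AD domain.
        Hardened                  = ($ra -eq 2 -and $raSam -eq 1 -and $anon -eq 0)
    }
}

function Set-NullSessionHardening {
    # SupportsShouldProcess gives -WhatIf / -Confirm, so the change can be
    # previewed on a domain controller before it is applied.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $LsaKey)

    $desc = 'Set RestrictAnonymous=2, RestrictAnonymousSAM=1, EveryoneIncludesAnonymous=0'
    if ($PSCmdlet.ShouldProcess($Path, $desc)) {
        Set-ItemProperty -Path $Path -Name RestrictAnonymous         -Value 2 -Type DWord
        Set-ItemProperty -Path $Path -Name RestrictAnonymousSAM      -Value 1 -Type DWord
        Set-ItemProperty -Path $Path -Name EveryoneIncludesAnonymous -Value 0 -Type DWord
    }
}

# Usage: audit first; only remediate after reviewing the -WhatIf output.
$posture = Get-NullSessionPosture
$posture | Format-List
if (-not $posture.Hardened) {
    Write-Warning 'Anonymous access is not fully restricted; review with Set-NullSessionHardening -WhatIf first.'
}
```

Because the reply notes that value 2 can cause problems for workgroup clients or machines from other AD domains, the remediation is kept behind ShouldProcess so that `Set-NullSessionHardening -WhatIf` shows the intended change without touching the key; the same values can of course be pushed via Local or Group Security Policy instead, which is what Paul means by "it's all the same".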

