Enumeration through null sessions: Remediation Resources

There are a number of security vulnerabilities related to Windows' NetBIOS. This page addresses concerns related to null session NetBIOS connections.

From Microsoft Corp.:

"Customers who want enhanced security have requested the ability to optionally restrict this functionality. Windows NT 4.0 Service Pack 3 and a hotfix for Windows NT 3.51 provide a mechanism for administrators to restrict the ability for anonymous logon users (also known as NULL session connections) to list account names and enumerate share names."

Background and instructions for NT systems can be found at: http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP

Background and instructions for Windows 2000 systems can be found at: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP

BACKGROUND INFORMATION

From Microsoft:

"The NULL session and the Guest account have been shrouded in mystery for some time. While various aspects have been documented in Knowledge Base articles, there has really been no formal documentation of what they mean and how they are used."

The above is excerpted from a very informative article discussing authentication, authorization and null sessions. The article can be found at: http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0299/security/security0299.htm&nav=/msj/0299/newnav.htm

From SecurityFocus:

"So what is the big deal? Well, anyone with a NetBIOS connection to your box can easily get a full dump of all your usernames, groups, shares, permissions, policies, services and more using the Null user. Needless to say, that is a tremendous amount of information for an attacker to have when attempting to breach your network's security. Programs like DumpSec (formerly DumpACL) exist solely for that purpose, and are quite popular as a result. By explicitly connecting to the target box as the Null user via the [net use \\server "" /user:""] command and then making NET* enumeration API calls like NetServerGetInfo (supported by the Netapi32 library), you will be well on your way to enumerating username and policy data on the target system."

The full article can be found at: RestrictAnonymous: Enumeration and the Null User, http://www.securityfocus.com/infocus/1352