Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: LDAP allows anonymous binds

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: LDAP allows anonymous binds
Date: Tue, 13 Nov 2007 21:52:10 -0500 
On 11/13/07 12:30, PJ Bender wrote:


  When Nessus was run against our two Domain Controllers, we received 
the following report:

*Synopsis*: It is possible to disclose LDAP information.

...

*Solution*: Disable NULL BIND on your LDAP server

...

 I  don’t think it is this problem.


FWIW, the plugin actually tries to query a server without authenticating 
(ie, a "NULL BIND") and checks for a response. So it might be useful to 
capture packets to/from the affected LDAP services and see what is being 
returned.


Can someone let me know where I can go to find a method(s) to disable 
the null bind on my Windows 2003 LDAP server(s)?


Have you searched Microsoft's site? For example: check out the 
discussion of "dsHeuristics" in:

   http://support.microsoft.com/kb/326690/

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nikto on Nessus 3 Client?, George A. Theall
Next by Date:  implications/feasibility of running nessus with higher privilege levels, SantoshKumar_Mishra
Previous by Thread:  LDAP allows anonymous binds, PJ Bender
Next by Thread:  Re: LDAP allows anonymous binds, Mike . Vasquez
Indexes:  [Date] [Thread] [Top] [All Lists]