Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: LDAP allows anonymous binds

from [Mike . Vasquez] Network Security [Permanent Link]
Subject: Re: LDAP allows anonymous binds
Date: Wed, 14 Nov 2007 08:35:18 -0700 
I did some research on the issue and the information for me was 
inconclusive --

I found this post: 
http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2005-10/0239.html

Date: Wed, 19 Oct 2005 12:07:35 -0400

You can't disable anonymous/NULL bind. LDAP V3 requires it for the 
rootdse. 
However, a null bind doesn't necessarily give you access to domain or 
config 
data. In fact, if you are running Windows Server 2003 AD you have to 
specifically enable anonymous access on the ACLs to retrieve data

Here's a kb article about anonymous ldap operations:
http://support.microsoft.com/kb/326690
Anonymous LDAP operations to Active Directory are disabled on Windows 
Server 2003 domain controllers

SUMMARY
By default, anonymous Lightweight Directory Access Protocol (LDAP) 
operations to Active Directory, other than rootDSE searches and binds, are 
not permitted in Microsoft Windows Server 2003. 

There's another nice article here:
http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm

Based on that information, I'm not convinced it's a great concern on 
Win2k3.  I would be interested in the impact of disabling it, per the 
information provided.  I'm a bit concerned about the possible fallout from 
a change.

Thanks,

Mike




"George A. Theall" <theall@tenablesecurity.com> 
Sent by: nessus-bounces@list.nessus.org
11/13/2007 07:52 PM

To
nessus@list.nessus.org
cc

Subject
Re: LDAP allows anonymous binds






On 11/13/07 12:30, PJ Bender wrote:


  When Nessus was run against our two Domain Controllers, we received 
the following report:

*Synopsis*: It is possible to disclose LDAP information.

...

*Solution*: Disable NULL BIND on your LDAP server

...

 I  don?t think it is this problem.


FWIW, the plugin actually tries to query a server without authenticating 
(ie, a "NULL BIND") and checks for a response. So it might be useful to 
capture packets to/from the affected LDAP services and see what is being 
returned.


Can someone let me know where I can go to find a method(s) to disable 
the null bind on my Windows 2003 LDAP server(s)?


Have you searched Microsoft's site? For example: check out the 
discussion of "dsHeuristics" in:

   http://support.microsoft.com/kb/326690/

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Plugin 26919, Nelson, C.M.
Next by Date:  Re: Plugin 26919, Ron Gula
Previous by Thread:  Re: LDAP allows anonymous binds, George A. Theall
Next by Thread:  implications/feasibility of running nessus with higher privilege levels, SantoshKumar_Mishra
Indexes:  [Date] [Thread] [Top] [All Lists]