Windows 2000 Vulnerability Highlights
2001-07-18 00: 01: 10 · · Miao Rain ·· Yesky
NetBIOS information leaks Next we talk about Netbios' sharing invasion. This problem has never resolved from NT just released now. And it has always been the most common intrusion of the NT system architecture. It is particularly worth mentioning that the IPC $ Null Session is known in the NT system. Although the SP3 can be restricted by modifying the registry. But I don't know why Windows2000 is still inoperable, I keep this empty dialogue. Then let's take a look at the empty session to bring about what kind of information gives intruders: NET USE // Server / IPC $ "" / user: "// This command is used to create an empty space NET View // Server // This command is used to view remote servers shared resource server name comments --------------------------------- ------------------ // pc1 // PC2 command successfully completed. The NET TIME // Server // This command is used to get the current time of a remote server. NBTSTAT -A Server // This command is used to get the remote server NetBIOS username Netbios Remote Machine Name Table Name Type Status ------------------------------------------------------------------------------------------------------ --------------------- Null <00> Unique RegisteredNull <20> Unique RegisteredInternet <00> Group RegisteredXiXi <03> Unique Registeredinet ~ Services <1c> Group Registeredis ~ NULL ...... <00> UNIQUE RegisteredINTERNET <1E> GROUP RegisteredADMINISTATOR <03> UNIQUE RegisteredINTERNET <1D> UNIQUE Registered ..__ MSBROWSE __. <01> GROUP Registered MAC Address = 00-54-4F-34-D8-80 Look, just have used the commands that have been brought by several systems, so we have any way to get someone else to get so much information? Only by simple modification registration table is once again. HKEY-LOCAL_MACHINE / SYSTEM / CURRENTCONTROSET / CONTROL / LSAVALUE NAME: RESTRICTANOMOMODATA TYPE: REG_DWORDVALUE: 1 But if you do not need to open sharing. Then why not ban it? The method and NT4 in Windows2000 are slightly different. It does not limit TCP / IP bindings on Netbiso, but we can select advanced (V) options in the setup panel of the Internet Protocol (TCP / IP) property, then select TCP / IP filtering, then click to enable TCP / IP filtering Finally, only the TCP port is selected, and then you can add the port you want to open.
