
Anonymous LDAP Binds 1

Status
Not open for further replies.

RoderickM

IS-IT--Management
May 14, 2002
61
US
We recently had a 3rd party security company do an internal penetration test on our Windows 2000 AD domain. One of the things that they found was that our domain controllers were allowing anonymous LDAP binds. I cannot find any information on how to disable this and what the results may be. Any ideas?
 
Well, first...this changes in Windows 2003 servers:
Second, there are a lot of anonymous things that can be done in Windows 2000 ... anonymous binds are one of them:

A quick explanation here: and here: Do the opposite to Windows here:

Also, this is all very similar to enumerating SIDS on user accounts using null sessions. Check out the NTWardoc online. Google it. While they didn't mention you have this open, it would be a worthy read to better explain anonymous binds and logins.
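The following audit helper is an added example and is not code from this thread or from any of its posters. It hand-encodes the LDAPv3 anonymous simple bind (empty DN, empty password, BER per RFC 4511) that the penetration test reported as allowed, decodes the domain controller's BindResponse, and also checks the forest's dSHeuristics value, which the thread does not mention but which is the Windows Server 2003-and-later control over anonymous LDAP operations. The function names, the sample responses built with `make_bind_response`, and the diagnostic strings are constructed for the example; `probe_anonymous_bind` is the only part that touches the network and is meant to be run against a DC you administer.

```python
"""Audit helper for the anonymous-bind finding discussed in this thread.

Added example, not code from the thread. It encodes an LDAPv3 anonymous simple
bind (RFC 4511, BER) so the exchange can be inspected and tested offline,
decodes the server's BindResponse, and checks the dSHeuristics string that
controls anonymous LDAP operations on Windows Server 2003 and later.
"""
import socket

# LDAP result codes from RFC 4511 that matter for a bind attempt.
RESULT_CODES = {
    0: "success",
    1: "operationsError",
    7: "authMethodNotSupported",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    53: "unwillingToPerform",
}


def _int_bytes(value: int) -> bytes:
    """Minimal big-endian encoding of a small non-negative INTEGER/ENUMERATED."""
    return value.to_bytes(2 if value >= 0x80 else 1, "big")


def _ber(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a BER TLV (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        length = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + payload


def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: next bytes hold the length
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, buf[pos:pos + length], pos + length


def build_anonymous_bind_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }.

    An empty DN with an empty simple password is the anonymous bind that the
    penetration test in the thread reported as allowed.
    """
    bind = _ber(0x60,                          # [APPLICATION 0] BindRequest
                _ber(0x02, b"\x03")            # version 3
                + _ber(0x04, b"")              # name: empty LDAPDN
                + _ber(0x80, b""))             # authentication: simple [0], empty
    return _ber(0x30, _ber(0x02, _int_bytes(message_id)) + bind)


def make_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Encode the server side of the exchange; used here to build constructed test input."""
    body = (_ber(0x0A, _int_bytes(result_code))   # ENUMERATED resultCode
            + _ber(0x04, b"")                      # matchedDN
            + _ber(0x04, diagnostic.encode()))     # diagnosticMessage
    return _ber(0x30, _ber(0x02, _int_bytes(message_id)) + _ber(0x61, body))


def parse_bind_response(data: bytes) -> dict:
    """Decode a BindResponse into message id, result code and diagnostic text."""
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:                            # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, rc, pos = _read_tlv(op)
    _, _matched_dn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    code = int.from_bytes(rc, "big")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": code,
        "result": RESULT_CODES.get(code, f"code {code}"),
        "anonymous_bind_accepted": code == 0,
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def probe_anonymous_bind(host: str, port: int = 389, timeout: float = 5.0) -> dict:
    """Send the anonymous bind to a DC you administer and decode its answer.

    Not exercised offline; one recv() is enough for the short BindResponse.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_anonymous_bind_request())
        return parse_bind_response(sock.recv(4096))


def anonymous_ldap_operations_allowed(dsheuristics: str) -> bool:
    """Windows Server 2003+: the anonymous bind itself succeeds, but searches
    beyond rootDSE are refused unless the 7th character of the dSHeuristics
    attribute (CN=Directory Service,CN=Windows NT,CN=Services in the
    Configuration partition) is "2". An absent or shorter value means blocked.
    """
    return len(dsheuristics) >= 7 and dsheuristics[6] == "2"
```

On a Windows 2000 domain controller a `result_code` of 0 from `probe_anonymous_bind` is the finding the thread describes; re-running the probe after a policy change shows whether it took effect. On Windows Server 2003 and later the bind returns 0 regardless, so read dSHeuristics from the Configuration partition and pass it to `anonymous_ldap_operations_allowed` to learn whether anonymous searches are actually permitted.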
 
computer config\windows settings\security settings\local policies\security options

You will see items in there for disabling a lot of security and enabling it... be careful though.

You can disable it in here.

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Tekmazter,

Thanks for all of the info. It looks like for me that the risk of loss of production is higher than the vulnerability. ISS considers this a low risk, but to correct it is a high risk for me since we have some NT4 systems on our domain.
 
Yes, you need it disabled then.

Keep your current config.

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 