A null session attack is an exploit that uses unauthenticated NetBIOS connections to enumerate a target host.
Microsoft Windows servers usually run many services and programs. Some of these services communicate with other Windows servers to complete specific tasks. For such communications and tasks to complete successfully, Windows servers also log into a remote Windows server using a blank username and password. This is referred to as a “Null Session”.
However, it is not only genuine servers that can log in to the remote server this way; hackers with enough skill can do so too, and it is not that tough either. They can use this to obtain NetBIOS information from the machine and to perform various other exploits against it. This is referred to as a “Null Session Attack”.
To carry out a Null Session attack, on most occasions hackers try to get a command prompt (cmd.exe).
Protect your computer from Null Session Attacks
Null Session Attacks are mostly carried out on ports 139 and 445 on a Windows PC. Therefore the best option is to simply block SMB communications by limiting traffic on TCP ports 139 and 445 (excluding NT, which doesn’t use 445) to trusted networks. If you use Windows XP, install Service Pack 3 without delay. SP3 has an improved firewall which prevents null session attacks, so that at least if someone tries to log in to your computer over the internet, it is blocked.
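One way to audit a firewall rule set against this advice, as an added example that is not from the original post: the script flags allow rules that let sources outside the trusted networks reach TCP 139 or 445. The rule format, rule names and addresses are constructed for illustration and do not match any particular firewall product.

```python
import ipaddress

SMB_PORTS = (139, 445)  # the two TCP ports named in the paragraph above

def exposed_smb_rules(rules, trusted):
    """Return (rule name, port) for each allow rule that lets a source
    outside the trusted networks reach TCP 139 or 445.

    Assumption: every allow rule is judged on its own. Deny rules and rule
    ordering are not modelled, so the result is conservative: a finding may
    be overridden by a deny rule in the real firewall.
    """
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] != "tcp":
            continue
        src = ipaddress.ip_network(rule["source"])
        # Acceptable only if the whole source range sits inside one trusted
        # network (subnet_of raises on mixed IPv4/IPv6, hence the version check).
        inside = any(src.version == t.version and src.subnet_of(t)
                     for t in trusted_nets)
        if inside:
            continue
        low, high = rule["ports"]
        findings.extend((rule["name"], p) for p in SMB_PORTS if low <= p <= high)
    return findings

# Constructed sample rule set (hypothetical names, documentation address ranges).
RULES = [
    {"name": "file-share-lan", "action": "allow", "proto": "tcp",
     "source": "10.0.5.0/24", "ports": (445, 445)},
    {"name": "legacy-any", "action": "allow", "proto": "tcp",
     "source": "0.0.0.0/0", "ports": (135, 139)},
    {"name": "vendor-range", "action": "allow", "proto": "tcp",
     "source": "203.0.113.0/24", "ports": (1, 1024)},
    {"name": "netbios-udp", "action": "allow", "proto": "udp",
     "source": "0.0.0.0/0", "ports": (137, 138)},
    {"name": "block-smb", "action": "deny", "proto": "tcp",
     "source": "0.0.0.0/0", "ports": (445, 445)},
]
TRUSTED = ["10.0.0.0/16"]  # constructed: the networks allowed to use SMB

if __name__ == "__main__":
    for name, port in exposed_smb_rules(RULES, TRUSTED):
        print(f"rule {name!r} exposes TCP {port} to untrusted sources")
```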
Null session attacks
November 01, 2010 / by Kushan Sharma