A null session attack is an exploit that uses unauthenticated NetBIOS connections to enumerate a target host.
Microsoft Windows servers usually run many services and programs. Some of these services communicate with other Windows servers to complete specific tasks. For these communications and tasks to succeed, a Windows server also logs into a remote Windows server using a blank username and password. This is referred to as a “Null Session”.
However, it is not only genuine servers that can log in to the remote server this way; hackers with enough skill can do so too, and it is not that hard. They can use the session to obtain NetBIOS information from the machine and to perform various other exploits against it. This is referred to as a “Null Session Attack”.
To carry out a Null Session attack, hackers in most cases try to get a command prompt (cmd.exe).
Protect your computer from Null Session Attacks
Null Session Attacks are mostly carried out against ports 139 and 445 on a Windows PC. The best option is therefore simply to block SMB communications by limiting traffic on TCP ports 139 and 445 (excluding NT, which doesn’t use 445) to trusted networks. If you use Windows XP, install Service Pack 3 without delay. SP3 has an improved firewall which prevents null session attacks, so that if someone tries to log in to your computer over the internet, the attempt is at least blocked.
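One way to check the "trusted networks only" rule described above is to audit the inbound firewall rules for allow entries that open TCP 139 or 445 to a wider source range. The script below is an added example, not part of the original post. The rule tuple format, rule names, addresses and trusted list are all constructed assumptions, and each rule is judged on its own without modelling rule ordering.

```python
import ipaddress

SMB_PORTS = (139, 445)  # the two TCP ports named in the article

# Constructed sample inbound rules: (name, action, protocol, source CIDR, ports)
SAMPLE_RULES = [
    ("file-share-lan", "allow", "tcp", "192.168.10.0/24", "139"),
    ("file-share-lan-445", "allow", "tcp", "192.168.10.0/24", "445"),
    ("legacy-any", "allow", "tcp", "0.0.0.0/0", "445"),
    ("low-ports-vpn", "allow", "tcp", "10.8.0.0/16", "1-1024"),
    ("netbios-name", "allow", "udp", "0.0.0.0/0", "137"),
    ("block-smb", "deny", "tcp", "0.0.0.0/0", "135-139"),
    ("wide-lan", "allow", "tcp", "192.168.0.0/16", "445"),
]
TRUSTED = ["192.168.10.0/24", "10.8.0.0/16"]  # constructed trusted networks


def parse_ports(spec):
    """Return (low, high) for a single port '445' or a range '1-1024'."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def exposed_smb_rules(rules, trusted):
    """Return (rule name, port) pairs where an allow rule opens an SMB port
    to a source range that is not fully inside a trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for name, action, proto, source, ports in rules:
        if action != "allow" or proto != "tcp":
            continue
        low, high = parse_ports(ports)
        src = ipaddress.ip_network(source)
        # A source is acceptable only if it is a subnet of a trusted network;
        # the version check avoids comparing IPv4 with IPv6 networks.
        contained = any(src.version == t.version and src.subnet_of(t)
                        for t in trusted_nets)
        if contained:
            continue
        findings.extend((name, p) for p in SMB_PORTS if low <= p <= high)
    return findings


if __name__ == "__main__":
    for name, port in exposed_smb_rules(SAMPLE_RULES, TRUSTED):
        print(f"rule {name!r} allows TCP/{port} from an untrusted range")
```

Port ranges matter here: a broad rule such as `1-1024` exposes both SMB ports even though neither number appears in it.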
Null session attacks
November 01, 2010 / by Kushan Sharma