Anonymous User Connections


The Red Button access hack uses Anonymous User Connections, also called Null User Connection, to discover which account is the NT administrative account and what the network shares are. Disable this by preventing anonymous connections to domains, which blocks a significant informational exposure. Caution: this can have severe consequences for SQL Server access and for creating/maintaining domain trusts. Registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: RestrictAnonymous
Type: REG_DWORD
Value: 1
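
The following is an added example, not part of the original tip: a PowerShell function that audits the RestrictAnonymous value described above on the local machine and optionally sets it. It assumes a Windows host with PowerShell 3 or later; the function name `Test-RestrictAnonymous` and its `-Enforce` switch are hypothetical names chosen for this example, and treating any nonzero value as already restricted is an assumption.

```powershell
# Added example: audit (and optionally set) RestrictAnonymous on the local host.
# Function and parameter names are hypothetical, not from the original page.
function Test-RestrictAnonymous {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # When present, write the value 1 if the setting is missing or 0.
        [switch]$Enforce
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $name = 'RestrictAnonymous'

    # A missing value means the restriction has never been configured.
    $prop    = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $prop) { $prop.$name } else { $null }

    # Assumption: any nonzero value counts as "restricted"; the page sets 1.
    $restricted = ($null -ne $current -and $current -ge 1)
    $changed    = $false

    if (-not $restricted -and $Enforce) {
        # ShouldProcess makes -WhatIf and -Confirm work, which matters because
        # the page warns about side effects on SQL Server access and trusts.
        if ($PSCmdlet.ShouldProcess("$path\$name", 'Set REG_DWORD to 1')) {
            New-ItemProperty -Path $path -Name $name `
                -PropertyType DWord -Value 1 -Force | Out-Null
            $current    = 1
            $restricted = $true
            $changed    = $true
        }
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Value      = if ($null -eq $current) { '<not set>' } else { $current }
        Restricted = $restricted
        Changed    = $changed
    }
}

# Report only; nothing is written without -Enforce.
Test-RestrictAnonymous
```

Run `Test-RestrictAnonymous -Enforce -WhatIf` from an elevated prompt to preview the registry write before applying it.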

To see the level of informational exposure NT has by default, download winfo
and run it against your PDC. Also check my page on Penetration Testing, Hacking and Intrusion Detection.

Related:
Q143474 – Restricting Information Available to Anonymous Logon Users
Q184018 – NDS for NT does not support restrict anonymous connections
Q168464 – Directory Replication Fails with Event ID 3216
