Red Button access hack uses Anonymous
User Connections , also called Null User
Connection, to discover which account is the NT administrative account
and what are the network shares. Disable by preventing anonymous connections to
domains. This is block a significant informational exposure. Caution: this can
have severe consequences on sql server access and creating/maintaining domain
trusts. Registry hack:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name:
RestrictAnonymous
Type: REG_DWORD
Value: 1
To see the level of informational exposure NT has as default, download winfo
and run it against your PDC. Also check my page on Penetration Testing, Hacking and Intrusion Detection.
Related:
Q143474 – Restricting Information Available to Anonymous Logon
Users
Q184018 – NDS for NT does not support restrict anonymous
connections
Q168464 – Directory Replication Fails with Event ID 3216