Null Sessions

  • Thread starter: A.M

Hi,

What exactly are "Null sessions" or anonymous logons to Windows 2000?

My guess is access to shares that are available to the Everyone group. Am I
correct?

Thanks,
Ali
 
A null session is how Windows represents an anonymous user.
For example, suppose a client A authenticates to B and allows B to impersonate
A. Later on, if B has to authenticate to C using A's credentials, it will
authenticate to C impersonating A (because A allows impersonation to B).
When it connects to C, it establishes a null session on that machine,
instead of establishing a logon for A.
The good thing about this is that B cannot misuse A's credentials on the
network.

By granting access to 'Everyone', you are granting access to all users, both
authenticated and anonymous (null session tokens come under this).
 
That is part of it. Null sessions are unauthenticated sessions used primarily
in networking/file and print sharing, downlevel trusts, the browse service,
and some password changes. Null sessions can be used to extract a lot of
information from a computer such as security settings, and user and group
names, which is why it is a vulnerability that can be exploited, particularly
by attackers from untrusted networks, and why a firewall is important. There
are registry/security policy settings that can limit what info null sessions
can access, such as "additional restrictions for anonymous connections" in
W2K. The most restrictive setting should be used with care as it can break a
lot of things on a network, particularly if the network is not all W2K. See
the links below for more information.

--- Steve

http://www.sans.org/rr/papers/index.php?id=286
http://support.microsoft.com/?kbid=246261
http://www.somarsoft.com/ -- Dumpsec tool for enumerating info
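
An added example, not part of the thread or of any tool it links: a small audit that reads registry exports and reports how each host sets the value behind the "additional restrictions for anonymous connections" policy mentioned above. It assumes the policy is stored as `RestrictAnonymous` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, that the exports are `.reg` files already decoded to text, and that an unset value behaves like 0; the host names and export contents are constructed.

```python
import re

# Key and value behind the Windows 2000 policy
# "Additional restrictions for anonymous connections".
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_RE = re.compile(r'"restrictanonymous"\s*=\s*dword:([0-9a-f]{8})', re.I)
LEVELS = {
    0: "none, rely on default permissions",
    1: "no enumeration of SAM accounts and shares",
    2: "no access without explicit anonymous permissions",
}

def restrict_anonymous(reg_text):
    """Return the RestrictAnonymous DWORD from .reg export text, None if unset."""
    section = None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # track which key we are inside
        elif section == LSA_KEY:
            match = VALUE_RE.fullmatch(line)
            if match:
                return int(match.group(1), 16)
    return None

def assess(reg_text, all_w2k=True):
    """Classify one host as (status, detail)."""
    value = restrict_anonymous(reg_text)
    level = 0 if value is None else value     # assumption: unset behaves as 0
    if level not in LEVELS:
        return "UNKNOWN", f"unexpected value {level}"
    if level == 0:
        return "WEAK", LEVELS[0]
    if level == 2 and not all_w2k:
        # The most restrictive setting can break things on mixed networks.
        return "REVIEW", LEVELS[2] + "; test against non-W2K machines"
    return "OK", LEVELS[level]

# Constructed sample exports (not taken from real hosts).
HEADER = "Windows Registry Editor Version 5.00\n\n"
LSA = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
SAMPLES = {
    "fs01": HEADER + LSA + '"restrictanonymous"=dword:00000000\n',
    "dc01": HEADER + LSA + '"restrictanonymous"=dword:00000002\n',
    "ws07": HEADER + LSA + '"auditbaseobjects"=dword:00000000\n',
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, *assess(text, all_w2k=False))
```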
 