Anonymous User Connections

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Red Button access hack uses Anonymous User Connections , also called Null User Connection, to discover which account is the NT administrative account and what are the network shares. Disable by preventing anonymous connections to domains. This is block a significant informational exposure. Caution: this can have severe consequences on sql server access and creating/maintaining domain trusts. Registry hack:

Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: RestrictAnonymous
Value: 1

To see the level of informational exposure NT has as default, download winfo and run it against your PDC. Also check my page on Penetration Testing, Hacking and Intrusion Detection.

Q143474 - Restricting Information Available to Anonymous Logon Users
Q184018 - NDS for NT does not support restrict anonymous connections
Q168464 - Directory Replication Fails with Event ID 3216

See Also

Featured Links