Skip to main content

Posts

Showing posts from May, 2011

Disable NetBIOS

NetBIOS an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. [Reference:http://en.wikipedia.org/wiki/NetBIOS] Risks of NetBIOS: 1)NetBIOS Null Session Enabled: A NetBIOS null session allows users to connect to a host remotely with no username and password and perform a limited set of administrative tasks. Null sessions allow the remote user to gather information such as: 1. List users 2. List groups 3. List shares (including hidden shares) 4. Policies (such as minimum password length, etc.) While the enumerated information is not an immediate risk, much of the information can be leveraged to launch an attack to gain user or administrative privilege. All steps should be taken to eliminate the vulnerability and/or reduce the information available to the attacker. 2)NBTSTAT : All M

Testing for SSH

This is written for specific scenario so may differ from yours. There are few ways to find if SSH is enabled on the remote machine or not. 1). Log onto the Linux machine and type the following command: netstat –a or netstat –a | grep ssh It will list down all the services running on the machine. Look for ssh or port 22, if that is enabled you can see like ftp and smtp: 2). Another way is to use Putty to connect the remote Linux machine. Select ssh and port 22 and try to connect. If connection established, then ssh is there otherwise, probably not-It's not a fool proof method however. 3) One more option is run port scanner such as nmap. It will list down all the services running on the machine.