CSA - How do I block windows enumeration?

Unanswered Question
Feb 1st, 2007

FYI - running

I cloned many of the example modules used for hardening a machine, such as:

IP Stack Hardening

System Hardening

Windows LSASS Security

Windows Service Host Security

If I run SuperScan 4 against my test host (which has various web ports, sql, tftp, etc.) using default settings, CSA denies access to the TCP ports but still shows the UDP ports including banner information. The default setting for TCP's scan type is SYN. However if I change the scan type to Connect, I can succesfully see all of my TCP ports and their banner information.

Another tool in SuperScan is Windows Enumeration - I'm able to gather Netbios info, connect with a Null session, get all the MAC addresses, map out all the RPC endpoints, and get the machines date/time and uptime.

How can I use CSA to block this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
tsteger1 Mon, 02/05/2007 - 16:00

Create a Network Shield rule that has all the boxes checked.

All you should get is the name, MAC address with Windows enumeration and a couple of open ports with Scan.

If you turn off the Server service and disable NetBIOS over TCP, you get pretty much nothing with Windows enumeration.



This Discussion