Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA - How do I block windows enumeration?

FYI - running

I cloned many of the example modules used for hardening a machine, such as:

IP Stack Hardening

System Hardening

Windows LSASS Security

Windows Service Host Security

If I run SuperScan 4 against my test host (which has various web ports, sql, tftp, etc.) using default settings, CSA denies access to the TCP ports but still shows the UDP ports including banner information. The default setting for TCP's scan type is SYN. However if I change the scan type to Connect, I can succesfully see all of my TCP ports and their banner information.

Another tool in SuperScan is Windows Enumeration - I'm able to gather Netbios info, connect with a Null session, get all the MAC addresses, map out all the RPC endpoints, and get the machines date/time and uptime.

How can I use CSA to block this?


Re: CSA - How do I block windows enumeration?

Create a Network Shield rule that has all the boxes checked.

All you should get is the name, MAC address with Windows enumeration and a couple of open ports with Scan.

If you turn off the Server service and disable NetBIOS over TCP, you get pretty much nothing with Windows enumeration.