Null session definition
A null session is an anonymous connection (one made with no username or password) to unprotected shares on a Windows system. Null sessions let attackers obtain host configuration details, such as share names and Windows user IDs. This, in turn, allows an attacker to edit some parts of the system’s registry remotely.
Information revealed by null sessions
- Usernames
- Active users
- Active processes
- Security policy
- System configuration
Stopping a null session attack
- Upgrade to the latest version of Windows
- Download the latest Windows security updates
- Disable null sessions in Windows control settings
- Disable file and printer sharing for Microsoft networks (if it is unnecessary)
- Block NetBIOS on your Windows server
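
For the "Disable null sessions" item above, the following read-only PowerShell audit is an added example, not part of the original page. It reports whether the registry values behind Windows' "Network access" security options are in their restrictive state. The value names and the expected settings are not given on the page and are assumed here as the baseline; a non-empty pipe or share list is flagged for review rather than assumed wrong.

```powershell
# Added example: read-only audit of the registry values behind the
# "Network access: ..." anonymous-access security options.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# DWORD values and the setting that restricts anonymous (null session) access.
# The "Want" column is the assumed baseline, not a value taken from the page.
$expected = @(
    @{ Path = $lsa;    Name = 'RestrictAnonymous';         Want = 1 }
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';      Want = 1 }
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous'; Want = 0 }
    @{ Path = $server; Name = 'RestrictNullSessAccess';    Want = 1 }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = foreach ($e in $expected) {
    $actual = Get-RegValue $e.Path $e.Name
    [pscustomobject]@{
        Setting  = $e.Name
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Expected = $e.Want
        OK       = ($null -ne $actual) -and ([int]$actual -eq $e.Want)
    }
}

# Multi-string allow-lists: every entry is a pipe or share that a null
# session may still open, so an empty list is the restrictive state.
$report += foreach ($name in 'NullSessionPipes', 'NullSessionShares') {
    $entries = @(Get-RegValue $server $name | Where-Object { $_ })
    [pscustomobject]@{
        Setting  = $name
        Actual   = if ($entries.Count) { $entries -join ', ' } else { '(empty)' }
        Expected = '(empty)'
        OK       = $entries.Count -eq 0
    }
}

$report | Format-Table -AutoSize
if ($report.OK -contains $false) { Write-Warning 'Anonymous access is not fully restricted.' }
```

The script only reads the registry. A value reported as "(not set)" means the operating system default applies and should be confirmed against the effective security policy.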