Because I had the same experience with our W2K boxes, I recommend the following:

1. Change the displayed text of the plugin to display that it "might be a vulnerability..." (the toothless version)
2. Produce a new plugin that tries to reach IPCs (the aggressive version)

Christoph

> On Thu, Apr 11, 2002 at 08:14:16AM +0200, BOUR Daniel wrote:
> > I have exactly the same problem.
> > Nessus gets a Null session vulnerability with RA=2 under W2K. When I
> > try a Null connection to the server, it can't connect. I'm using
> > nessus 1.0.10, but I had the same problem with the previous stable
> > version. I tried with nessus 1.1.14; it found a Null session
> > vulnerability. Is that a false positive in Nessus?
>
> No. It turns out that with RA=2, it is possible to log into a
> remote host networkwise (meaning that when a null
> login/password is sent, no error message is sent back), but
> nothing else can be done. See that as a valid unix
> username/password with /bin/cat as a shell (the point being
> that a null session gets past the authentication phase)
>
> I don't know if I should change the plugin to make sure IPC$
> can be reached. On the one hand, this would fix this
> inconvenience, but OTOH maybe we'll discover in the future
> that a null session with RA=2 can access a weird pipe or
> crash the remote server by doing some weird request or do
> whatever stuff I don't want to think about. Comments are welcome.
>
> -- Renaud
