Null session

A null session is an anonymous connection to an inter-process communication network service on Windows-based computers.[1] The service is designed to allow named pipe connections[2] but may be used by attackers to remotely gather information about the system.[3]

Exposure

From a NULL session, hackers can call APIs and use Remote Procedure calls to enumerate information. These techniques can, and will provide information on passwords, groups, services, users and even active processors. NULL session access can also even be used for escalating privileges and perform DoS attacks.

— Ixis Research LTD[4]

References

  1. ^ "Null Session Attacks and How to Avoid Them". Retrieved 2016-01-05.
  2. ^ "IPC$ share and null session behavior in Windows". Microsoft. Retrieved 2016-01-05.
  3. ^ "The Anatomy of a Attack". Retrieved 2016-01-05.
  4. ^ "How is information enumerated through NULL session access, Remote Procedure Calls and IPC$?". Ixis Research LTD. Archived from the original on 8 February 2016. Retrieved 24 February 2013.


Stub icon

This computer networking article is a stub. You can help Wikipedia by adding missing information.

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.