Named pipes
A named pipe is a Windows-specific interprocess communication method that allows processes on the same or different systems to communicate with each other. The "Network access: Named Pipes that can be accessed anonymously" setting defines exceptions to the "Network Access: Restrict anonymous access to Named Pipes and Shares" setting. Pipes listed in it can still be accessed anonymously (i.e. over a null session) even if "Network Access: Restrict anonymous access to Named Pipes and Shares" is enabled. The setting is necessary because a few Windows components have named pipes that must allow anonymous access in order to function.
- https://blogs.msdn.microsoft.com/spatdsg/2006/05/15/fyi-changes-to-null-session-pipes-post-2k3-sp1/
- https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Network-access-Named-Pipes-that-can-be-accessed-anonymously
- http://www.hsc.fr/ressources/articles/win_net_srv/hardcoded_named_pipes.html
- http://blueteamer.blogspot.be/2015/03/adventures-with-null-sessions-are-they.html
- https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec385226.html
Well-known MSRPC named pipes
- http://www.hsc.fr/ressources/articles/win_net_srv/well_known_named_pipes.html
Services making legitimate use of unauthenticated named pipes
- Windows DFS -> netlogon
- Trend Micro services (observed)
- NetApp connects anonymously
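
The check below is an added example, not part of the original page: a PowerShell audit that compares the pipes exempted for anonymous access against an approved list. The registry key and the value names NullSessionPipes and RestrictNullSessAccess are the ones that back the two policies; the function name, the approved list and the sample data are assumptions made for illustration.

```powershell
# Added example: audit which named pipes still accept null sessions.
param(
    # Assumption: your approved exceptions; 'netlogon' is taken from the DFS note on this page.
    [string[]]$ApprovedPipes = @('netlogon')
)

function Compare-NullSessionPipes {
    param($Configured, $RestrictFlag, [string[]]$Approved)
    # REG_MULTI_SZ values often carry empty strings; drop them and normalise case.
    $pipes = @($Configured | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
    $allow = @($Approved | Where-Object { $_ } | ForEach-Object { $_.Trim().ToLowerInvariant() })
    $state = if ($null -eq $RestrictFlag) {
        'NotConfigured'
    } elseif ($RestrictFlag -eq 1) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{
        Restriction    = $state
        AnonymousPipes = $pipes
        Unapproved     = @($pipes | Where-Object { $_ -notin $allow })
    }
}

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
if (Test-Path $key) {
    # Live host: these two values back the two "Network access" policies.
    $p = Get-ItemProperty -Path $key
    $report = Compare-NullSessionPipes -Configured $p.NullSessionPipes `
        -RestrictFlag $p.RestrictNullSessAccess -Approved $ApprovedPipes
} else {
    # Constructed sample data, used when the key is not available (e.g. a non-Windows host).
    $report = Compare-NullSessionPipes -Configured @('netlogon', 'spoolss', '') `
        -RestrictFlag 1 -Approved $ApprovedPipes
}

$report | Format-List
if ($report.Restriction -ne 'Enabled') {
    Write-Warning 'Restrict anonymous access to Named Pipes and Shares is not enabled.'
}
foreach ($pipe in $report.Unapproved) {
    Write-Warning "Pipe '$pipe' allows null sessions but is not on the approved list."
}
```

Pass `-ApprovedPipes` with the pipes your own services have been confirmed to need, so every other entry is flagged for review.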