RE: [Full-Disclosure] Re: Terminal Server vulnerabilities

From: Bob the Builder (builder173_at_hotmail.com)
Date: 01/25/05

  • Next message: larry_seltzer_is_a_fraud_at_canada.com: "[Full-Disclosure] Re: Terminal Server vulnerabilities"
    To: dan@losangelescomputerhelp.com, full-disclosure@lists.netsys.com, daniels@Ponderosatel.com
    Date: Tue, 25 Jan 2005 10:30:07 +0000
    
    

    Are any of the vulnerabilities in this google search even vaguely current?
    They all seem to be at least a couple of years old; I don't recall anything
    recent. Posting NT 4 and pre Win2k SP3 issues hardly contradicts the MS
    statement that there are no current issues. The main security issue with
    Terminal Services that I see is its susceptibility to brute force password
    attacks. If you are really really paranoid about running Terminal Services
    then tunnel it over either SSH or IPSec. I would point out that there have
    been root compromises in SSH fairly recently too!

    Also, as a usability aside, make sure you set session timeouts or you risk
    finding yourself accidentally locked out of the box if you have too many
    dodgy disconnected sessions. I usually set active:1day, inactive:1hr,
    disconnected:10mins. That way if the box is monkeying about or people leave
    sessions open you can still get in - useful if the box is too far away to go
    to the console.

    Cheers,

    Bob

    -----Original Message-----
    From: Daniel H. Renner [mailto:dan@losangelescomputerhelp.com]
    Sent: 25 January 2005 07:19
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Re: Terminal Server vulnerabilities

    Original message:
    >Date: Mon, 24 Jan 2005 15:52:55 -0800
    >From: "Daniel Sichel" <daniels@Ponderosatel.com>
    >
    >They claim there are no unfixed vulnerabilities to Terminal Server on
    >Windows Server 2000 Service Pack 4.
    >
    >I find that hard to believe and I know you guys will know if they are full
    >of it, or they are correct. Please let me know ASAP of any CURRENT
    >vulnerabilities in Terminal Server.
    Dan,

    Try here for starters:
    http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8
    (2,310 results)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
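
The session limits suggested in the reply above (active 1 day, inactive 1 hour, disconnected 10 minutes), as an added audit example that is not part of the original thread. It assumes the limits are applied through Group Policy, which on later Windows versions stores them as millisecond DWORD values under the policy key shown; the function name `Test-SessionLimits` and the `-Fix` switch are hypothetical.

```powershell
# Added example (not from the thread): audit Terminal Services session limits.
# Assumption: limits come from Group Policy, stored as DWORDs in milliseconds.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Targets taken from the post: active 1 day, idle 1 hour, disconnected 10 min.
$Wanted = [ordered]@{
    MaxConnectionTime    = [TimeSpan]::FromDays(1)
    MaxIdleTime          = [TimeSpan]::FromHours(1)
    MaxDisconnectionTime = [TimeSpan]::FromMinutes(10)
}

function Test-SessionLimits {
    param(
        [string]$Key = $PolicyKey,
        [switch]$Fix   # write the target value where the limit is missing or looser
    )
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($name in $Wanted.Keys) {
        $wantMs = [int]$Wanted[$name].TotalMilliseconds
        $haveMs = $null
        if ($props -and $null -ne $props.$name) { $haveMs = [int]$props.$name }

        # A missing value or 0 means "never": sessions are kept indefinitely,
        # which is the lock-out case the post warns about.
        if ($null -eq $haveMs -or $haveMs -eq 0) {
            $status = 'NoLimit'
        } elseif ($haveMs -le $wantMs) {
            $status = 'OK'
        } else {
            $status = 'TooLong'
        }

        if ($Fix -and $status -ne 'OK') {
            if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
            New-ItemProperty -Path $Key -Name $name -Value $wantMs `
                -PropertyType DWord -Force | Out-Null
            $status = "$status->Fixed"
        }

        [pscustomobject]@{
            Setting   = $name
            CurrentMs = $haveMs
            TargetMs  = $wantMs
            Status    = $status
        }
    }
}

Test-SessionLimits | Format-Table -AutoSize
```

Running with `-Fix` requires an elevated prompt; a domain Group Policy refresh will overwrite locally written values.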

