Re: Xato Advisory: Win2k/XP Terminal Services IP Spoofing
From: Woodrick, Ed (ewoodrick@ED-COM.COM)
Date: 11/20/01
- Previous message: Jurjen Oskam: "Re: IIS logging issue"
- Maybe in reply to: sozni: "Xato Advisory: Win2k/XP Terminal Services IP Spoofing"
- Next in thread: sozni: "Re: Xato Advisory: Win2k/XP Terminal Services IP Spoofing"
- Reply: sozni: "Re: Xato Advisory: Win2k/XP Terminal Services IP Spoofing"
Message-ID: <D6B6DC3C607F354D9A4ACB1D8741FCCB938B@iago.ed-com.net>
Date: Tue, 20 Nov 2001 17:02:36 -0500
From: "Woodrick, Ed" <ewoodrick@ED-COM.COM>
Subject: Re: Xato Advisory: Win2k/XP Terminal Services IP Spoofing
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I believe that this is somehow related to another bug. When a user logs
on, it is possible for another user to hit keys on the keyboard or even
move the cursor and make mouse clicks. This can lead to disastrous loss
of data.
OTOH, the field is labeled "Client Address". It is not labeled "Address
of the client or the last NAT that the client goes through". In my book,
to change the value of the field would make it incorrect. Maybe you
could lobby for an additional field, but the one I see seems to be quite
correct.
While I'm sure that the client address can be spoofed by modifying the
Terminal Server Client, as far as I can tell, the current client cannot
be made to spoof the address, therefore I say that the function is
performing EXACTLY as specified.
Ed Woodrick
-----Original Message-----
From: sozni [mailto:sozni@XATO.NET]
Posted At: Wednesday, November 14, 2001 6:09 AM
Posted To: NTBugTraq
Conversation: Xato Advisory: Win2k/XP Terminal Services IP Spoofing
Subject: Xato Advisory: Win2k/XP Terminal Services IP Spoofing
----------------------------------------------------------------------
Xato Network Security, Inc.
www.xato.net
Security Advisory XATO-112001-01
November 7, 2001
WINDOWS 2000 AND XP TERMINAL SERVICES IP ADDRESS SPOOFING