(prevent + detect Arp spoofing) + Securing Terminal Services

From: Dan Rowe (suedes098_at_yahoo.com)
Date: 05/08/03

  • Next message: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"
    Date: 8 May 2003 20:02:43 -0000
    To: focus-ms@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Hello all,
        My name is Dan, and i am participating in a CTF contest
        I am going to be running a windows 2003 server, and administering it
    remotely using Terminal services.
        I heard about the man-in-the-middle exploit that has been found for
    terminal services, and have learned that using ssl with terminal services
    can avoid this exploit, but in my case, i am unable to use ssl.
        Last years contest went to a group that had wrote the Openssh to main
    in the middle everyone using linux, but weren't able to affect the
    windows users, this year they focused on writing such a program for
    terminal services. So you can see my concern. If i can administer my
    machine remotely and safely then i will have a decent chance of getting
    into other peoples, and keeping my services (web, mail,..etc) alive and
        So the question is how might i secure terminal services? from the
    server side only? I thought that if i configure the arp table on the
    server and enter the gateway as a static entry, and only allow it to
    connect to terminal services then i might have a fighting chance, becuase
    the MITM attack is based on arp poisoning.

      Thanks for your time and help


     p.s. if you have any other ideas or software for securing a server in a
    very very hostile network, please let me know.

    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms

  • Next message: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"

    Relevant Pages

    • Re: Allowing internet access in Terminal sessions...
      ... It's up to you on the amount of pain you want to give your users but there are easier ways of controlling those things you want which is through proper zone configuration. ... Microsoft MVP - Terminal Services ... will it allow scripts etc to be run by users on the server? ... Explorer 7 security is set to MEDIUM-HIGH on servers, and anytime a user will try to access a web site, they will get the "Content being blocked" pop-up and have to CLOSE or ADD the sites they are trying to view. ...
    • Windows 2000 Security Roll-up and Terminal Services
      ... I recently installed the Windows 2000 Security Roll-up on several servers ... and had some troubles with Terminal Services afterwards. ... On another server, terminal services ...
    • RE: MS Terminal Services open to the world
      ... Terminal Services Security ... Running Terminal Services may expose your domain to significant security ... Terminal Server deployment. ... the Terminal Services Client supports version checking. ...
    • Re: Windows Server without AD?
      ... It does have Terminal Services ... Single server for the organization. ... What are the security implications of not having AD installed? ... Resetting the admin password on a domain controller isn't significantly ...
    • Re: Time zone redirection
      ... Administration and full-blown Terminal Services. ... MCSE, CCEA, Microsoft MVP - Terminal Server ... client connections:-O. ... Well - obviously that does not work in Remote Desktop Admin mode ...