(prevent + detect Arp spoofing) + Securing Terminal Services

From: Dan Rowe (suedes098_at_yahoo.com)
Date: 05/08/03

  • Next message: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"
    Date: 8 May 2003 20:02:43 -0000
    To: focus-ms@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Hello all,
        My name is Dan, and i am participating in a CTF contest
        http://crew.ccs.neu.edu/ctf/
        I am going to be running a windows 2003 server, and administering it
    remotely using Terminal services.
      
        I heard about the man-in-the-middle exploit that has been found for
    terminal services, and have learned that using ssl with terminal services
    can avoid this exploit, but in my case, i am unable to use ssl.
        Last years contest went to a group that had wrote the Openssh to main
    in the middle everyone using linux, but weren't able to affect the
    windows users, this year they focused on writing such a program for
    terminal services. So you can see my concern. If i can administer my
    machine remotely and safely then i will have a decent chance of getting
    into other peoples, and keeping my services (web, mail,..etc) alive and
    kick.
        So the question is how might i secure terminal services? from the
    server side only? I thought that if i configure the arp table on the
    server and enter the gateway as a static entry, and only allow it to
    connect to terminal services then i might have a fighting chance, becuase
    the MITM attack is based on arp poisoning.

      Thanks for your time and help

      Dan

     p.s. if you have any other ideas or software for securing a server in a
    very very hostile network, please let me know.

    -----------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------------


  • Next message: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"