Re: Terminal Services Holes
From: M. Burnett (mburnett@xato.net)Date: 11/17/01
- Previous message: Dan Richardson: "Terminal Services Holes"
- In reply to: Dan Richardson: "Terminal Services Holes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011117224920.23822.qmail@securityfocus.com> From: "M. Burnett" <mburnett@xato.net> To: <dan.richardson@paradise.net.nz>, <pen-test@securityfocus.com> Date: Sat, 17 Nov 2001 15:46:51 GMT Subject: Re: Terminal Services Holes
> if anyone has any information on how to better
> log (on the Win2k box itself), please let me know.
Xato recently posted an advisory that shows how to use windump to log
TCP/IP addresses of terminal services connections (even before the
user logs in).
You can read the advisory at
http://www.xato.net/reference/xato-112001-01.txt
WinDump can be found at
http://netgroup-serv.polito.it/windump/
And the command to run is:
C:\>windump "tcp dst port 3389 and tcp[13] & 3 !=0"
Mark Burnett
www.xato.net
www.iis-insider.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Dan Richardson: "Terminal Services Holes"
- In reply to: Dan Richardson: "Terminal Services Holes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
