MS Terminal Services open to the world

• Previous message: Christopher Lyon: "RE: Checkpoint FW-1 on Nokia - potential user enumeration bug?"
• Next in thread: Puterbaugh, Mike: "RE: MS Terminal Services open to the world"
• Maybe reply: Puterbaugh, Mike: "RE: MS Terminal Services open to the world"
• Reply: Don Voss: "Re: MS Terminal Services open to the world"
• Reply: Dominick Baier: "AW: MS Terminal Services open to the world"
• Reply: Curt Purdy: "RE: MS Terminal Services open to the world"
• Maybe reply: Robert G. Ferrell: "Re: MS Terminal Services open to the world"
• Maybe reply: Deus, Attonbitus: "Re: MS Terminal Services open to the world"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Ralph Los" <RLos@enteredge.com>
To: "'Pen-test@securityfocus.com'" <Pen-test@securityfocus.com>
Date: Fri, 10 Jan 2003 10:09:28 -0500

Hello all,

        I've got a pretty good client of mine who absolutely refuses to heed
my warnings about keeping Terminal Services open to the world. They rely on
Windows passwords and figure that's strong enough for all their servers
(management). Now I'm given the task of auditing their
security/infrastructure and would like to come up some creative ways to back
up my point about MS TS open to the Internet being a bad idea.

Any thoughts or input is appreciated.

Ralph

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Brewis, Mark: "RE: common criteria draft"
• Previous message: Christopher Lyon: "RE: Checkpoint FW-1 on Nokia - potential user enumeration bug?"
• Next in thread: Puterbaugh, Mike: "RE: MS Terminal Services open to the world"
• Maybe reply: Puterbaugh, Mike: "RE: MS Terminal Services open to the world"
• Reply: Don Voss: "Re: MS Terminal Services open to the world"
• Reply: Dominick Baier: "AW: MS Terminal Services open to the world"
• Reply: Curt Purdy: "RE: MS Terminal Services open to the world"
• Maybe reply: Robert G. Ferrell: "Re: MS Terminal Services open to the world"
• Maybe reply: Deus, Attonbitus: "Re: MS Terminal Services open to the world"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ettercap help ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) RE: How to Tackle the Legal Tangle? ... How to Tackle the Legal Tangle? ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) RE: CFM SQL injection ... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: ettercap help ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Wardialing ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test)