Re: MS Terminal Services open to the world
From: Robert G. Ferrell (rferrell@texas.net)
Date: 01/10/03
- Previous message: Joshua Haines: "RAID 2003 CFP"
- Maybe in reply to: Ralph Los: "MS Terminal Services open to the world"
- Next in thread: Deus, Attonbitus: "Re: MS Terminal Services open to the world"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 10 Jan 2003 11:19:48 -0600 To: Pen-test@securityfocus.com From: "Robert G. Ferrell" <rferrell@texas.net>
At 10:09 AM 1/10/03 -0500, Ralph Los wrote:
> I've got a pretty good client of mine who absolutely refuses to heed
>my warnings about keeping Terminal Services open to the world. They rely on
>Windows passwords and figure that's strong enough for all their servers
>(management). Now I'm given the task of auditing their
>security/infrastructure and would like to come up some creative ways to back
>up my point about MS TS open to the Internet being a bad idea.
>
>Any thoughts or input is appreciated.
Not to be too obvious, why not hit them with a simple brute force/dictionary
attack? Or slap on a packet dumper and sniff their clear text traffic?
RGF
Robert G. Ferrell
rgferrell@direcway.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Next message: Dave Aitel: "Re: remote privilege escalation"
- Previous message: Joshua Haines: "RAID 2003 CFP"
- Maybe in reply to: Ralph Los: "MS Terminal Services open to the world"
- Next in thread: Deus, Attonbitus: "Re: MS Terminal Services open to the world"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
