RE: Windows Remote Desktop

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 01/16/04

  • Next message: Depp, Dennis M.: "RE: Windows Remote Desktop" 
    Date: Fri, 16 Jan 2004 14:56:48 -0800
To: <jamie@nucdc.org>, <security-basics@securityfocus.com>

            The RDP client with XP, at the link you mentioned, is an
    'enhanced' version of the RDP client. No changes were made to the RDP5
    protocol through, it just window-dressing. Now that said, I like the
    flexibility of the XP RDP client more then the W2K-TS client.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
                 (800) 325-1199 x338

    -----Original Message-----
    From: Jamie Pratt [mailto:jamie@nucdc.org]
    Sent: Friday, January 16, 2004 10:49 AM
    To: security-basics@securityfocus.com
    Subject: Re: Windows Remote Desktop

    yes, that is indeed what it was... - once i removed the username (no
    password was stored, so it wasnt doing auto-login.) from the *.rdp file
    config, it sent nothing.. (perfect!)..

    PS - does anyone know if there is any significant difference (security
    or otherwise) between using the RDP client on the MS site located here:

    [http://www.microsoft.com/windowsxp/pro/downloads/rdclientdl.asp]

    versus using the TS client software created from the win2k terminal
    server console itself? (the setup interface is different, that much is
    noticeable, but beyond that?...)

    regards,
    jamie

    Shawn Jackson wrote:
    > Do you have it set to automatically login to the server upon
    > connection? I've noticed that the RDP Client will transmit the last
    used
    > username with the initial connection. Try logging in with another
    > username then disconnect and see what username it transmits then.
    >
    > Shawn Jackson
    > Systems Administrator
    > Horizon USA
    > 1190 Trademark Dr #107
    > Reno NV 89521
    >
    > www.horizonusa.com
    > Email: sjackson@horizonusa.com
    > Phone: (775) 858-2338
    > (800) 325-1199 x338
    >
    >
    > -----Original Message-----
    > From: Jamie Pratt [mailto:jamie@nucdc.org]
    > Sent: Thursday, January 15, 2004 1:31 PM
    > To: security-basics@securityfocus.com
    > Subject: Re: Windows Remote Desktop
    >
    > hmm... the 'main' traffic does appear encrypted, but this third
    packet
    > sent on the initial RDP connection prior to login is somewhat odd:
    (the
    > RDP session has 'Administrator' as the default account on the TS
    login
    > screen, and I am running as Administrator myself - what's up with the
    > username showing in the data section of the packet if it's all
    encrypted
    > then?) - Well..at least I can't see the password going over the
    wire!
    >
    > ---------------------------------------------------------------------
    > Frame 20 (94 bytes on wire, 94 bytes captured)
    > Ethernet II, Src: 00:07:f4:ed:e4:af, Dst: 00:0f:43:71:2c:6e
    > Internet Protocol, Src Addr: 192.168.X.X (192.168.X.X), Dst Addr:
    > X.X.X.X (X.X.X.X)
    > Transmission Control Protocol, Src Port: 1054 (1054), Dst Port: 3389
    > (3389), Seq: 1, Ack: 1, Len: 40
    > Source port: 1054 (1054)
    > Destination port: 3389 (3389)
    > Sequence number: 1
    > Next sequence number: 41
    > Acknowledgement number: 1
    > Header length: 20 bytes
    > Flags: 0x0018 (PSH, ACK)
    > Window size: 16560
    > Checksum: 0x25c9 (correct)
    >
    > Data (40 bytes)
    >
    > 0000 03 00 00 28 23 e0 00 00 00 00 00 43 6f 6f 6b 69 ...(#......Cooki
    > 0010 65 3a 20 6d 73 74 73 68 61 73 68 3d 41 64 6d 69 e: mstshash=Admi
    > 0020 6e 69 73 74 72 61 0d 0a nistra..
    >
    >
    ------------------------------------------------------------------------
    >
    >
    > regards,
    > jamie
    >
    > Depp, Dennis M. wrote:
    > > Two statements I don't agree with:
    > >
    > > 1) "Additionally no actual 'data' is transferred through the RDP
    > > connection, it's just interface information (mouse movement,
    button
    > > clicks, typing) and screen refreshes. Now if you were using the
    > resource
    > > mapping then data would traverse the RDP connection and would be
    > subject
    > > to its encryption."
    > > Data is sent over the wire concerning keystrokes, mouse
    > > movements and screen refresh data. Obviously this information,
    > > particularly keystrokes can provide data to a hacker. However all
    > > information set via RDP is encrypted the default is 56-bit with
    the
    > > capacity to use 128-bit RC4. Even when using local resources, the
    > data
    > > is still encrypted with 128-bit security.
    > >
    > > 2) "All in all I think that PCAnywhere and Citrix have
    > > more secure RDP/VNC like interfaces"
    > > The default security setting in Citrix is basic (no encryption)
    > > PCAnywhere maybe better, I'm not sure. Both Citrix and RDP are
    > > vulnerable to MiM attacks. Citrix does have the capability to use
    > SSL
    > > but this is comprable to Microsoft's VPN solution.
    > >
    > > Denny
    > >
    > > -----Original Message-----
    > > From: Shawn Jackson [mailto:sjackson@horizonusa.com]
    > > Sent: Wednesday, January 14, 2004 6:36 PM
    > > To: jamesworld@intelligencia.com
    > > Cc: Michael Gale; security-basics@securityfocus.com
    > > Subject: RE: Windows Remote Desktop
    > >
    > <snip>
    >

    ------------------------------------------------------------------------ 

    ---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------
  • Next message: Depp, Dennis M.: "RE: Windows Remote Desktop"

    Relevant Pages

    • RE: Windows Remote Desktop
      ... There are many improvements in the RDP client at the link you mentioned. ... not security improvements and ... > username then disconnect and see what username it transmits then. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • Re: Windows Remote Desktop
      ... or otherwise) between using the RDP client on the MS site located here: ... I've noticed that the RDP Client will transmit the last used ... > username with the initial connection. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
      (Security-Basics)
    • Re: Single Sign-On
      ... Native TS does not support Single Sign-On (or passthrough ... Users can save their username and password in their rdp client, ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
      (microsoft.public.windows.terminal_services)