Security Basics mailing list archives
RE: sshd for windows
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Fri, 20 Jun 2003 14:08:27 -0400
Chris, NTLMv2 is an encryption method. (Granted it is weak, but it still is encrypted.) By default, Microsoft Telnet uses NTLM to encrypt the password. This means the only client that can access the server is the Microsoft telnet that comes with Windows 2000. You can setup a Windows 2000 server with the default installation of telnet and see that the password is encrypted. Denny -----Original Message----- From: Chris Berry [mailto:compjma () hotmail com] Sent: Thursday, June 19, 2003 3:05 PM To: security-basics () securityfocus com Subject: Re: sshd for windows
From: Ansgar Wiechers <bugtraq () planetcobalt net> On 2003-06-18 Richard Parry wrote:theres a builtin telnet server included with win2k (server and workstation).Oh yeah, thats the perfect way of breaking into a machine ! Telnet
is
plain text, so is very easy to sniff anything that goes on ! I hope you are being sarcastic !You do know, that by default Windows is using NTLM authentication for telnet, don't you? Of course that's not comparable to ssh, but it sure is a lot better than plaintext authentication.
Thats totally true, but worthless. Authentication isn't the problem, it's the transmission that's in the clear, so now you're sending your loging name and password in cleartext. Sure, they're stored in NTLMv2 format at the other end, but what does that matter if they just put a sniffer on the wire? Chris Berry compjma () hotmail com Systems Administrator JM Associates "Within every man beats a heart of darkness." --The Shadow _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- RE: sshd for windows, (continued)
- RE: sshd for windows wjnorth (Jun 20)
- RE: sshd for windows DeGennaro, Gregory (Jun 20)
- Re: sshd for windows Chris Berry (Jun 20)
- Re: sshd for windows Ansgar Wiechers (Jun 23)
- Re: sshd for windows ktabic (Jun 23)
- RE: sshd for windows Chris Berry (Jun 20)
- RE: sshd for windows Chris Berry (Jun 21)
- RE: sshd for windows DeGennaro, Gregory (Jun 21)
- RE: sshd for windows Chris Berry (Jun 21)
- RE: sshd for windows Depp, Dennis M. (Jun 21)
- RE: sshd for windows Depp, Dennis M. (Jun 21)
- Re: sshd for windows Chris Berry (Jun 24)