Bugtraq mailing list archives
CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
From: "Pedro Quintanilha" <PQuintanilha () abril com br>
Date: Wed, 21 Nov 2001 09:43:52 -0200
Like MS Terminal Services, CITRIX Metaframe 1.8 (and other versions, I suppose) also only logs the IP informed by the client. The log, made on Windows NT Event Log, looks like this: ======================================================================== Time: Wed Nov 21 09:37:00 2001 User: MARCUS Agent: metaframe2 Source: Security ID: 528 Type: Success Audit Successful Logon: User Name: MARCUS Domain: NTDOMAIN Logon ID: (0x2,0x2959446E) Logon Type: 2 Logon Process: User32 Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: WTS2 WinStation: ICA-tcp#245 Session ID: 245 Client Name: STATION2 Client Address: 192.168.0.44 ======================================================================== In a incident investigation this is a problem for trace-back the suspects. _________________________________ Pedro Quintanilha Segurança da Informação Editora Abril s/a +55-11-3037-4297 pquintanilha () abril com br
Current thread:
- CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability Pedro Quintanilha (Nov 21)