IDS mailing list archives
Windows Network Testing
From: "dave" <dave () netmedic net>
Date: Wed, 4 Jun 2003 02:27:23 -0400
Hello, A basic question I hope. What are the Layer Protocols, Frames, Ports etc. to monitor to ensure that the Authentication is being transmitted properly (i.e. we want to ensure that NTLMv2 is being utilized and no LM authentication is being transmitted.) My assumption is to watch NETBIOS (137,138,139) because Logon Sequence, NetLogon, and pass Through Validation occur on them. Possibly 445 as well. This is a NT4 domain with W2K servers and workstations as well, no win98, me or 95. Thoughts, additions, and advice will be greatly appreciated. ______________________ Dave Kleiman dave () netmedic net www.netmedic.net ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- Windows Network Testing dave (Jun 04)