Penetration Testing mailing list archives
Re: Terminal Services Holes
From: "M. Burnett" <mburnett () xato net>
Date: Sat, 17 Nov 2001 15:46:51 GMT
if anyone has any information on how to better log (on the Win2k box itself), please let me know.
Xato recently posted an advisory that shows how to use windump to log TCP/IP addresses of terminal services connections (even before the user logs in). You can read the advisory at http://www.xato.net/reference/xato-112001-01.txt WinDump can be found at http://netgroup-serv.polito.it/windump/ And the command to run is: C:\>windump "tcp dst port 3389 and tcp[13] & 3 !=0" Mark Burnett www.xato.net www.iis-insider.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Terminal Services Holes Dan Richardson (Nov 17)
- Re: Terminal Services Holes M. Burnett (Nov 18)