Penetration Testing mailing list archives
Re: MS Terminal Services open to the world
From: "Robert G. Ferrell" <rferrell () texas net>
Date: Fri, 10 Jan 2003 11:19:48 -0600
At 10:09 AM 1/10/03 -0500, Ralph Los wrote:
I've got a pretty good client of mine who absolutely refuses to heed my warnings about keeping Terminal Services open to the world. They rely on Windows passwords and figure that's strong enough for all their servers (management). Now I'm given the task of auditing their security/infrastructure and would like to come up some creative ways to back up my point about MS TS open to the Internet being a bad idea. Any thoughts or input is appreciated.
Not to be too obvious, why not hit them with a simple brute force/dictionary attack? Or slap on a packet dumper and sniff their clear text traffic? RGF Robert G. Ferrell rgferrell () direcway com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- MS Terminal Services open to the world Ralph Los (Jan 10)
- Re: MS Terminal Services open to the world Don Voss (Jan 11)
- AW: MS Terminal Services open to the world Dominick Baier (Jan 12)
- Re: AW: MS Terminal Services open to the world John the Kiwi (Jan 17)
- RE: MS Terminal Services open to the world Curt Purdy (Jan 12)
- <Possible follow-ups>
- RE: MS Terminal Services open to the world Puterbaugh, Mike (Jan 11)
- Re: MS Terminal Services open to the world Robert G. Ferrell (Jan 15)
- Re: MS Terminal Services open to the world Deus, Attonbitus (Jan 21)