Penetration Testing mailing list archives
Re: TS/3389 risk on Internet
From: "Neale Green" <neale.green () neale org>
Date: Tue, 2 Nov 2004 15:06:30 +1100
A good many claims are made in regard to how solid and secure the Microsoft protocols are, but it has been proven numerous times that undocumented "hooks" and associations have been added to make life "easier" by bypassing the restrictions that are supposedly in place to ensure that they are, in fact, secure.
My last position was working in network and network perimeter security for one of the "Big Three" Computer Services Suppliers, and I would NEVER allow 3389 traffic over a Network perimeter, especially from the Internet (I'm not too happy about any generic logons from the internet, but the only Terminal Server traffic I allowed was encrypted Citrix Terminal Server traffic, at least we can independently confirm what you can access with Citrix traffic).
FWIW

Neale Green

----- Original Message -----
> I have a peer that insists on allowing public access to his Domain controller via TS/tcp 3389 over the internet. I know there are some documented cases of 'man-in-the-middle' attacks for this service but I was hoping someone here could help me plead my case as to why this is a bad idea. Maybe you all disagree and regularly allow this traffic. It just doesn't sit well with me. Does anyone know if the login/password is sent in clear text for TS authentication?
>
> Thanks in advance for any thoughts,
> Nicole