Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: sshd for windows

From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Fri, 20 Jun 2003 14:11:20 -0400
Wes,

You are correct, only the password is encrypted.  I never meant to imply
Windows telnet was secure, only that the password is not sent in
plaintext.

Dennis

-----Original Message-----
From: wjnorth [mailto:wjnorth () earthlink net] 
Sent: Thursday, June 19, 2003 12:33 PM
To: Depp, Dennis M.; 'Richard Parry'; 'stephen at unix dot za dot net'
Cc: security-basics () securityfocus com
Subject: RE: sshd for windows

Dennis,

NTLMv2 authentication for the password challenge maybe, but telnet
itself is wide open. Test it out, use Ethereal or RMON on your PC,
telnet to a Windows box and I ~100% sure you'll see your username and
password in the clear, because by default telnet is cleartext. Every key
stroke you enter is sent to the host and echoed back, as such you'll
actually see 2 occurrences for each key stroke.

I've never heard of Windows hosted telnet being secure, it may use
NTLMv2 authentication when the session is active and the password has
been entered for authentication (i.e. hashing the password and comparing
it against the existing password), but I don't think it encrypts the
session in transit, which is where the problem occurs. In fact I am
fairly certain that NTLMv2 only applies to authentication of clients to
a DC, which means if you are using telnet to get in, sure the password
is authenticated using standard windows mechanisms, but in transit
telnet is definitely in the clear.

If you can prove me wrong, I will have learned something new. ;-)

-Wes

-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm () ornl gov] 
Sent: Wednesday, June 18, 2003 12:43 PM
To: Richard Parry; stephen at unix dot za dot net
Cc: security-basics () securityfocus com
Subject: RE: sshd for windows


Richard,
 
The telnet built into Windows 2000 uses NTLMv2 authentication by defalt.
While this is not 3DES or RC4, it is still not plain text.
 
Dennis

        -----Original Message----- 
        From: Richard Parry [mailto:richard () generic-edesign co uk] 
        Sent: Wed 6/18/2003 12:19 PM 
        To: stephen at unix dot za dot net 
        Cc: security-basics () securityfocus com 
        Subject: RE: sshd for windows
        
        

        Oh yeah, thats the perfect way of breaking into a machine !
Telnet is plain
        text, so is very easy to sniff anything that goes on ! I hope
you are being
        sarcastic !
        
        
........................................................................
        
        Regards - Richard Parry
        
        STUDIO Digital Media Limited new media + web.
        http://www.studiodm.co.uk <http://www.studiodm.co.uk/>
        
        Cd duplication services
        http://www.dupe.co.uk <http://www.dupe.co.uk/>
        
        Lichfield U.K.
        t: +44 (0)1543 416912  f: +44 (0)1543 416914
        
........................................................................
        
        
        -----Original Message-----
        From: stephen at unix dot za dot net
[mailto:stephen () unix za net]
        Sent: 18 June 2003 8:19 AM
        To: Derek Perry
        Cc: security-basics () securityfocus com
        Subject: Re: sshd for windows
        
        
        
        
        theres a builtin telnet server included with win2k (server and
        workstation).
        
        just start the service, telnet to ip:23
        
        enter user and pass
        
        and wolah...
        
        you have a dos prompt :)
        
        
        
        
        --
        Success On Hold
        (www.soh.co.za)
        
        stephen () unix za net
        tel: (031) 207 4811
        
        
        
        On Mon, 16 Jun 2003, Derek Perry wrote:
        
        > Is there a sshd for Windows (W2K Server is the actual OS) that
is freely
        > available?  I am doing a senior design project for a class at
school and I
        > would like a way to log in remotely to the server at the
company which I
        am
        > working with (the network admin hasnt even done the security
updates on
        the
        > webserver, so he is hopeless).  Thanks in advance!
        >
        > --
        > Derek A. Perry
        > derek () cc gatech edu
        >
        >
        >
------------------------------------------------------------------------
--
        -
        > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by
top analysts!
        > The Gartner Group just put Neoteris in the top of its Magic
Quadrant,
        > while InStat has confirmed Neoteris as the leader in
marketshare.
        >
        > Find out why, and see how you can get plug-n-play secure
remote access in
        > about an hour, with no client, server changes, or ongoing
maintenance.
        >
        > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
        >
------------------------------------------------------------------------
--
        --
        >
        
        
        
------------------------------------------------------------------------
---
        Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
        The Gartner Group just put Neoteris in the top of its Magic
Quadrant,
        while InStat has confirmed Neoteris as the leader in
marketshare.
        
        Find out why, and see how you can get plug-n-play secure remote
access in
        about an hour, with no client, server changes, or ongoing
maintenance.
        
        Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
        
------------------------------------------------------------------------
----
        
        
        
        
        
        
        
------------------------------------------------------------------------
---
        Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
        The Gartner Group just put Neoteris in the top of its Magic
Quadrant,
        while InStat has confirmed Neoteris as the leader in
marketshare.
            
        Find out why, and see how you can get plug-n-play secure remote
access in
        about an hour, with no client, server changes, or ongoing
maintenance.
                 
        Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
        
------------------------------------------------------------------------
----
        
        



------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: