RE: A different question RE: Windows Remote Desktop

["Gunn, Jeff" <Jeff.Gunn () FMR COM>]

Dave - 

Can you give us the exact error?  Something I couldn't quite get from your
description below was if the remote users could log in okay, but got an
error when trying to sniff, or if they couldn't log in properly anymore.  If
the app itself is giving the error, then it still might be a permissions
issue; there are a few things that behaving differently between a console
session and a remote session (although usually it doesn't matter).

Unless you know exactly what your sniffer app is trying to do and how it's
trying to do it, they first thing I would do is grab a copy of the FileMon
and RegMon utilities from Sysinternals.com and run them while attempting the
operation.  These utilities will tell you is any kind of failure (file not
found, permission denied, etc) in accessing files or registry keys is
happening in the background.  It can be very enlightening.

-Jeff

> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu] 
> Sent: Thursday, January 15, 2004 7:37 PM
> To: security-basics () securityfocus com
> Subject: A different question RE: Windows Remote Desktop
>
>   We don't allow RDP to/from off-site locations, but we've
> been using it to allow a couple of folks to, from their
> office desktops, connect to strategically placed servers
> to sniff specific network segments.
>   This worked fine from sometime in September until the
> Christmas/New Year's break, during which we had a scheduled
> power shutdown.  Everything came back on after the shutdown,
> and most boxes involved have been rebooted individually
> since.
>   But although sniffing still works fine from the server
> console, RDP clients get a general-purpose error message 
> that seems to indicate that they don't have the necessary
> permissions, or there's some other kind of problem, with
> the adapter that connects to the sniffed segment.
>
>   Since sniffing from the console works, we know it's not an
> adapter or port configuration issue, or a switch port issue.
> Since several privileged accounts, including Administrator,
> *can* sniff from the console but not from an RDP session,
> we're convinced it's not an account privileges issue.
>   And since it worked before the power shut-down, we know
> it can be made to work.
>
>   Has anyone who works more extensively with RDP seen anything
> similar?  Or have you a useful theory that might help explain
> what we're seeing?
>
> Dave Gillett
>
>
>
> --------------------------------------------------------------
> -------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get 
> $720 off any 
> course! All of our class sizes are guaranteed to be 10 
> students or less. 
> We provide Ethical Hacking, Advanced Ethical Hacking, 
> Intrusion Prevention, 
> and many other technical hands on courses. 
> Visit us at http://www.infosecinstitute.com/securityfocus to 
> get $720 off 
> any course!  
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------