IDS mailing list archives

Windows Network Testing

From: "dave" <dave () netmedic net>
Date: Wed, 4 Jun 2003 02:27:23 -0400

Hello,

A basic question I hope.

What are the Layer Protocols, Frames, Ports etc. to monitor to ensure that
the Authentication is being transmitted properly (i.e. we want to ensure
that NTLMv2 is being utilized and no LM authentication is being
transmitted.)

My assumption is to watch NETBIOS (137,138,139) because Logon Sequence,
NetLogon, and pass Through Validation occur on them. Possibly 445 as well.

This is a NT4 domain with W2K servers and workstations as well, no win98, me
or 95.

Thoughts, additions, and advice will be greatly appreciated.


 
______________________
Dave Kleiman
dave () netmedic net
www.netmedic.net





-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
- including intrusion identification, relevancy, direction, impact and analysis
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------

Current thread:

Windows Network Testing dave (Jun 04)