Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Terminal Services Holes

From: "M. Burnett" <mburnett () xato net>
Date: Sat, 17 Nov 2001 15:46:51 GMT
if anyone has any information on how to better
log (on the Win2k box itself), please let me know.


Xato recently posted an advisory that shows how to use windump to log
TCP/IP addresses of terminal services connections (even before the
user logs in).

You can read the advisory at
http://www.xato.net/reference/xato-112001-01.txt

WinDump can be found at
http://netgroup-serv.polito.it/windump/

And the command to run is:
C:\>windump "tcp dst port 3389 and tcp[13] & 3 !=0"


Mark Burnett
www.xato.net
www.iis-insider.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: