Home page logo

basics logo Security Basics mailing list archives

Re: RDP sniffing
From: krymson () gmail com
Date: 27 Dec 2007 22:19:16 -0000

I spent about an hour searching, but surprisingly have come up with very little. Over the years, MS must have done a 
decent job making sure RDP sessions are not only encrypted, but the session keys exchanged securely. 

Still, I was able to find this hardware solution. While it might not impact any risk assessment in regards to your 
normal attackers sniffing the network, it might indicate that this is still possible somehow.


If I couldn't get the client wrapped into ipsec or some other VPN, I could live with an RDP-only connection from client 
to the server in question. That's my own risk assessment, though, without any knowledge on how valuable or important 
your connection is...  There are certainly worse ways to achieve remote connections.

<- snip ->

Is possible sniffing RDP in a switched LAN?

Is possible capturing passwords?
Is possible "saving a video" about the user tasks?

Thanks in advance.
Fran Lopez.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]