|
Penetration Testing
mailing list archives
Re: MS Terminal Services open to the world
From: "Robert G. Ferrell" <rferrell () texas net>
Date: Fri, 10 Jan 2003 11:19:48 -0600
At 10:09 AM 1/10/03 -0500, Ralph Los wrote:
I've got a pretty good client of mine who absolutely refuses to heed
my warnings about keeping Terminal Services open to the world. They rely on
Windows passwords and figure that's strong enough for all their servers
(management). Now I'm given the task of auditing their
security/infrastructure and would like to come up some creative ways to back
up my point about MS TS open to the Internet being a bad idea.
Any thoughts or input is appreciated.
Not to be too obvious, why not hit them with a simple brute force/dictionary
attack? Or slap on a packet dumper and sniff their clear text traffic?
RGF
Robert G. Ferrell
rgferrell () direcway com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
- Re: MS Terminal Services open to the world, (continued)
| 
Intro
