Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing: Re: TS/3389 risk on Internet

Re: TS/3389 risk on Internet

From: Lennart Sorth <Lennart.Sorth_at_uni-c.dk>
Date: Fri, 29 Oct 2004 08:53:19 +0200

net sec wrote:
> Does anyone know if the login/password
> is sent in clear text for TS authentication?

Well, its certainly sent unencrypted, if not clear text.

You can install Cygwin on the DC, and tunnel tcp-3389 through
a SSH connection. This way the security is provided by, and
can be maintained by means of the Cygwin SSH implementation.

And if you use ssh compression, it is usually even faster
than doing the TS directly.

Best regards

Lennart Sorth
UNI-C
Denmark
Received on Nov 01 2004

This message: [ Message body ]
Next message: Burnett, Robert: "Frontpage files"
Previous message: Randy Golly: "RE: An idiot question"
Next in thread: Adam Jones: "Re: TS/3389 risk on Internet"
Maybe reply: Adam Jones: "Re: TS/3389 risk on Internet"
Maybe reply: Jeffrey Clark: "Re: TS/3389 risk on Internet"
Maybe reply: Travis Potter: "Re: TS/3389 risk on Internet"
Maybe reply: Davide Carnevali: "Re: TS/3389 risk on Internet"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]