[THIN] Re: Any thoughts about this?

  • From: "Matt Kosht" <matt.kosht@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 26 Mar 2008 11:32:22 -0400

On Wed, Mar 26, 2008 at 11:10 AM, Andrew Wood
<andrew.wood@xxxxxxxxxxxxxxxx> wrote:
>
> v6 of the RDP protocol supports server authentication (although I'd expect
> only to a W2k3 server) – which would mitigate against the attack that was
> described against v5.2 as you have to verify the identity of the server
> (http://www.microsoft.com/downloads/details.aspx?FamilyID=26f11f0c-0d18-4306-abcf-d4f18c8f5df9&DisplayLang=en)
>
> Although, to me, that'd mean you'd put your RDP connection raw out onto the
> internet/external network and that doesn't sound pretty from a security
> point of view – that said people've been doing that for years, and are still
> doing it now
> (http://www.citrixthings.com/index.php?option=com_content&task=view&id=25&Itemid=1)
>
> :?
>
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Nick Smith
> Sent: 26 March 2008 14:47
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: Any thoughts about this?
>
> Mmm…it'd be nice if someone whipped back at me and said "yeah, this was
> fixed in 5.x, you fool". I've got a client asking the question, and I don't
> think he'll live with 'It's probably been fixed' :-).
>
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Jim Kenzig ThinHelp.com
> Sent: 26 March 2008 14:43
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Any thoughts about this?
>
> Other than the fact the article is over 3 years old and there have been
> about 5 more versions of RDP released since, I'd suspect that the issues have
> been addressed.
>
> JK
>
> On Wed, Mar 26, 2008 at 10:40 AM, Nick Smith <nick@xxxxxxxxxxxxxxxxxx>
> wrote:
>
> Guys, have just read the article:
>
> http://www.securiteam.com/windowsntfocus/5EP010KG0G.html
>
> This suggests that pure RDP is significantly open to hacking. Any
> comments/thoughts/has this been addressed?
>
> Nick
>
> --
> Jim Kenzig
> Microsoft MVP - Terminal Services
> http://www.thinhelp.com
> Citrix Technology Professional
> CEO The Kenzig Group
> http://www.kenzig.com
> Blog: http://www.techblink.com

Ditto. Most of the DoS and Man in the Middle attacks on RDP rely on
3389 being open to the internet. You'd have to be slightly nuts to
open 3389 directly through a firewall. There is (was?) a util called
tsgrinder from hammerofgod.com that you could brute force RDP access
with this port also. Used to work swell on Windows 2000 Term Servers
and XP clients with Remote Desktop turned on. Don't know about
2003/2003R2/2008 though.
If the original poster's client is concerned, tell them to use a VPN to
secure the RDP traffic better. If Citrix is an option, use Citrix
Secure Gateway or the like.