Re: TS/3389 risk on Internet

From: Lennart Sorth (Lennart.Sorth@uni-c.dk)
Date: Fri Oct 29 2004 - 02:53:19 EDT


net sec wrote:
> Does anyone know if the login/password
> is sent in clear text for TS authentication?

Well, its certainly sent unencrypted, if not clear text.

You can install Cygwin on the DC, and tunnel tcp-3389 through
a SSH connection. This way the security is provided by, and
can be maintained by means of the Cygwin SSH implementation.

And if you use ssh compression, it is usually even faster
than doing the TS directly.

Best regards

Lennart Sorth
UNI-C
Denmark



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT