Re: TS/3389 risk on Internet

From: Jeffrey Clark (jclark525@adelphia.net)
Date: Thu Oct 28 2004 - 11:28:56 EDT


Yes, to a certain extent, all data is encrypted based on the setting in
Terminal Services Configuration, Connections, RDP-Tcp properties, General
tab, Encryption Level. (default is medium, I think). In all 3 possible
settings, upstream data is encrypted, which means that man-in-the-middle
packet sniffer attacks wouldn't recover passwords without brute-force
decryption. Downstream data (video) is encrypted with settings medium and
high. I don't know the actual encryption level and algorithm, but I think
it's similar to SSL. Once connected to Terminal Services, it is possible to
connect to all intranet resources available to the logged on user.

Jeffrey Clark
CIS-IT Major

----- Original Message -----
From: "net sec" <netsec9@hotmail.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, October 26, 2004 5:18 PM
Subject: TS/3389 risk on Internet

>I have a peer that insists on allowing public access to his Domain
>controller via TS/tcp 3389 over the internet. I know there are some
>documented cases of 'man-in-the-middle' attacks for this service but I was
>hoping someone here could help me plead my case as to why this is a bad
>idea. Maybe you all disagree and regularly allow this traffic. It just
>doesn't sit well with me. Does anyone know if the login/password is sent
>in clear text for TS authentication?
>
> Thanks in advance for any thoughts,
> Nicole



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT