can still get in - useful if the box is too far away to go
to the console.
Cheers,
Bob
-Original Message-
From: Daniel H. Renner [mailto:[EMAIL PROTECTED]
Sent: 25 January 2005 07:19
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Re: Terminal Server vulnerabilities
-Original Message-
From: Larry Seltzer [EMAIL PROTECTED]
Yeah, fine, so if this bothers you use a VPN. I still
it's something
[MS] claim there are no
unfixed vulnerabilities to Terminal Server on Windows Server 2000
Service Pack 4.
I find that hard to believe and I know you guys will know if they
are
full of it, or they are correct. Please let me know ASAP of any
CURRENT vulnerabilities int Terminal Server.
: [Full-Disclosure] Re: Terminal Server vulnerabilities
[MS] claim there are no
unfixed vulnerabilities to Terminal Server on Windows Server 2000
Service Pack 4.
I find that hard to believe and I know you guys will know if they
are
full of it, or they are correct. Please let me know ASAP
:[EMAIL PROTECTED] On Behalf Of Mark
Senior
Sent: Tuesday, January 25, 2005 12:00 PM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Re: Terminal Server vulnerabilities
Terminal Server encrypts its traffic, yes, but it doesn't do any
verification of what server it's connecting
On Tue, 25 Jan 2005 12:12:10 EST, Larry Seltzer said:
Yeah, fine, so if this bothers you use a VPN. I still it's something
very few people need to worry about.
More correctly, the vast majority of sites are so screwed security-wise that
they'll never have the opportunity to see a MITM attack
Microsoft TS is vulnerable to MITM attaks. I usual use IPSec-AH as migitiation
factor. So - it may mitigate over vulnerabilities - such as brute force etc,
because strict ipsec authentication.
(c)oded by [EMAIL PROTECTED]
___
Full-Disclosure - We
Original message:
Date: Mon, 24 Jan 2005 15:52:55 -0800
From: Daniel Sichel [EMAIL PROTECTED]
Subject: [Full-Disclosure] Terminal Server vulnerabilities
To: full-disclosure@lists.netsys.com
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
I am currently