Mandi! Florian Klaempfl In chel di` si favelave... > Is this a real issue? Having the ability to connect a machine with admin > access to the network (this is required to setup a fake server) offers a > lot of other possible DoS attacks (formatting a hard disk of a client PC > is no more than a DoS attack to this machine).
I'm exactly thinking about this. On a 'old domain' (NT4, Samba, W2k in compatibility mode) there's still a 'machine account' that have to be setted up, and the machine account have to be initialized with an administrator password (eg, someone in Domain Admins group). But if i've got an account in Domain Admins, nothing in the windows lan are secure. At this point, using WPKG or not using WPKG it is only a choiche of the attacker, that have *FULL* control of the lan... I'm not aware of the existence of attacks to the 'machine account' of NT4/samba. The question, for me, is another: is the 'workgroup' a supported environment for WPKG? If yes, some sort of 'authentication' have to be implemented, or at least state that a 'share level' password in the share are a minimum requirement. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wpkg-users
