At 10:09 AM 1/10/03 -0500, Ralph Los wrote: > I've got a pretty good client of mine who absolutely refuses to heed >my warnings about keeping Terminal Services open to the world. They rely on >Windows passwords and figure that's strong enough for all their servers >(management). Now I'm given the task of auditing their >security/infrastructure and would like to come up some creative ways to back >up my point about MS TS open to the Internet being a bad idea. > >Any thoughts or input is appreciated. Not to be too obvious, why not hit them with a simple brute force/dictionary attack? Or slap on a packet dumper and sniff their clear text traffic? RGF Robert G. Ferrell rgferrellat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 10:17:31 PST