Hosting Provided By

(prevent + detect Arp spoofing) + Securing Terminal Services

From: Dan Rowe <suedes098(at)yahoo.com>
Date: Thu May 08 2003 - 16:02:43 EDT

('binary' encoding is not supported, stored as-is)

Hello all,

My name is Dan, and i am participating in a CTF contest http://crew.ccs.neu.edu/ctf/
I am going to be running a windows 2003 server, and administering it remotely using Terminal services.

I heard about the man-in-the-middle exploit that has been found for terminal services, and have learned that using ssl with terminal services can avoid this exploit, but in my case, i am unable to use ssl.

Last years contest went to a group that had wrote the Openssh to main in the middle everyone using linux, but weren't able to affect the windows users, this year they focused on writing such a program for terminal services. So you can see my concern. If i can administer my machine remotely and safely then i will have a decent chance of getting into other peoples, and keeping my services (web, mail,..etc) alive and kick.

So the question is how might i secure terminal services? from the server side only? I thought that if i configure the arp table on the server and enter the gateway as a static entry, and only allow it to connect to terminal services then i might have a fighting chance, becuase the MITM attack is based on arp poisoning.

Thanks for your time and help

Dan

p.s. if you have any other ideas or software for securing a server in a very very hostile network, please let me know.

FastTrain has your solution for a great CISSP Boot Camp. The industry`s most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-focus-ms

Received on Thu May 8 17:16:25 2003

Do you need help?

This message: [ Message body ]
Next message: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"
Previous message: Marc Fossi: "Article Announcement: Starting from Scratch: Formatting and Reinstalling after a Security Incident"
Next in thread: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"
Reply: Deus, Attonbitus: "Re: (prevent + detect Arp spoofing) + Securing Terminal Services"
Reply: Benjamin Meade: "RE: (prevent + detect Arp spoofing) + Securing Terminal Services"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:29 EDT