
RE: (prevent + detect Arp spoofing) + Securing Terminal Services

From: Benjamin Meade <ben(at)lanwest.com.au>
Date: Thu May 08 2003 - 21:42:45 EDT

http://www.securityfocus.com/infocus/1629

Benjamin Meade
System Administrator
LanWest Pty Ltd

-----Original Message-----

From: Dan Rowe [mailto:suedes098@yahoo.com]
Sent: Friday, 9 May 2003 4:03 AM
To: focus-ms@securityfocus.com
Subject: (prevent + detect Arp spoofing) + Securing Terminal Services

Hello all,

    My name is Dan, and I am participating in a CTF contest

    http://crew.ccs.neu.edu/ctf/

    I am going to be running a Windows 2003 server, and administering it remotely using Terminal Services.

    I heard about the man-in-the-middle exploit that has been found for Terminal Services, and have learned that using SSL with Terminal Services can avoid this exploit, but in my case, I am unable to use SSL.

    Last year's contest went to a group that had written the OpenSSH to man in the middle everyone using Linux, but weren't able to affect the Windows users. This year they focused on writing such a program for Terminal Services. So you can see my concern. If I can administer my machine remotely and safely then I will have a decent chance of getting into other people's, and keeping my services (web, mail, etc.) alive and kicking.

    So the question is how might I secure Terminal Services? From the server side only? I thought that if I configure the ARP table on the server and enter the gateway as a static entry, and only allow it to connect to Terminal Services, then I might have a fighting chance, because the MITM attack is based on ARP poisoning.

  Thanks for your time and help

  Dan

 P.S. If you have any other ideas or software for securing a server in a very very hostile network, please let me know.
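
An added example, not part of the original message or the reply: a small auditor for the static-gateway idea raised in the question. It reads Windows `arp -a` text and reports when the gateway entry is missing, is not static, differs from a pinned MAC, or when one MAC answers for several IPs. The addresses, the pinned MAC and both sample tables are constructed assumptions.

```python
import re
from collections import defaultdict

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.IGNORECASE)

# Constructed sample tables (assumed addresses, not taken from the post).
CLEAN = """\
Interface: 10.0.0.5 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.1              00-11-22-33-44-55     static
  10.0.0.7              00-AA-BB-CC-DD-07     dynamic"""
POISONED = """\
Interface: 10.0.0.5 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.1              00-aa-bb-cc-dd-66     dynamic
  10.0.0.66             00-aa-bb-cc-dd-66     dynamic"""

def parse_arp(output):
    """Return [(ip, mac, type)] from `arp -a` text, lower-cased."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows

def audit_arp(output, gateway_ip, pinned_mac):
    """Check the gateway entry against a pinned MAC and flag shared MACs."""
    rows, findings = parse_arp(output), []
    pinned = pinned_mac.lower()
    gateway_rows = [r for r in rows if r[0] == gateway_ip]
    if not gateway_rows:
        findings.append(f"gateway {gateway_ip} has no ARP entry")
    for _, mac, kind in gateway_rows:
        if mac != pinned:
            findings.append(f"gateway {gateway_ip} resolves to {mac}, expected {pinned}")
        if kind != "static":
            findings.append(f"gateway {gateway_ip} entry is {kind}, not static")
    # One unicast MAC answering for several IPs is the usual poisoning symptom.
    by_mac = defaultdict(set)
    for ip, mac, _ in rows:
        if int(mac[:2], 16) & 1 == 0:  # skip broadcast and multicast MACs
            by_mac[mac].add(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings
```

Feeding it the output of `arp -a` on a schedule gives the "detect" half of the subject line; the pinned entry itself would be set with `arp -s`.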




Received on Fri May 9 10:31:48 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:29 EDT

