RE: NetMeeting and H.323

NetMeeting operates erratically with security enabled. At times, it does not recognize that security has been activated, while other times it instantly asks for a certificate password.

Although at NetMeeting startup users are asked to identify themselves to the
Application, there is no authentication to verify that they are who they say they are. This permits users to take on someone's identity and act maliciously.
Each call participant must have security turned on to be able to participate in a secure call, but there is no way to tell if the participants are fully authenticated or not.

Passwords on RDS(remote desktop sharing) are case sensitive, but there are no other password restrictions or requirements. Calls for brute force attacks!!!

You have already talked about the FW issues, which is true.

Best way to overcome NetMeeting or H.323 problems is through VPN solutions.

--Sanjiv
-----Original Message-----

From: Jeremy Junginger [mailto:jj@act.com] Sent: Tuesday, February 18, 2003 2:14 PM To: pen-test
Subject: NetMeeting and H.323

Hey guys,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I know I'm asking for it by putting this before the group, but that's kind of my intent. Could anyone in here let me know why H.323, and more specifically, netmeeting is a bad idea*?

*(Aside from the obvious fact that you have to blow a udp hole from 1024 to 65535 in your firewall in order to accommodate it...heheh...)

I would really like to get input from the security professionals on this list.

Thank you, and have a great day!

-Jeremy

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.
http://www.securityfocus.com/core Received on Wed Feb 19 18:33:32 2003