From: Robert G. Ferrell (rferrell@texas.net)
Date: Fri Jan 10 2003 - 12:19:48 EST
At 10:09 AM 1/10/03 -0500, Ralph Los wrote:
> I've got a pretty good client of mine who absolutely refuses to heed
>my warnings about keeping Terminal Services open to the world. They rely on
>Windows passwords and figure that's strong enough for all their servers
>(management). Now I'm given the task of auditing their
>security/infrastructure and would like to come up some creative ways to back
>up my point about MS TS open to the Internet being a bad idea.
>
>Any thoughts or input is appreciated.
Not to be too obvious, why not hit them with a simple brute force/dictionary
attack? Or slap on a packet dumper and sniff their clear text traffic?
RGF
Robert G. Ferrell
rgferrell@direcway.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT