Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RDP sniffing

from [Timmothy Lester] Network Security [Permanent Link]
Subject: RE: RDP sniffing
Date: Fri, 28 Dec 2007 10:19:38 -0800 
Okay people, go a little deeper: http://eprint.iacr.org/2007/419.pdf

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of krymson@gmail.com
Sent: Thursday, December 27, 2007 5:19 PM
To: security-basics@securityfocus.com
Subject: Re: RDP sniffing

I spent about an hour searching, but surprisingly have come up with very
little. Over the years, MS must have done a decent job making sure RDP
sessions are not only encrypted, but the session keys exchanged
securely. 

Still, I was able to find this hardware solution. While it might not
impact any risk assessment in regards to your normal attackers sniffing
the network, it might indicate that this is still possible somehow.

http://www.bmst.net/tech.htm#rdp

If I couldn't get the client wrapped into ipsec or some other VPN, I
could live with an RDP-only connection from client to the server in
question. That's my own risk assessment, though, without any knowledge
on how valuable or important your connection is...  There are certainly
worse ways to achieve remote connections.

<- snip ->


Is possible sniffing RDP in a switched LAN?

Is possible capturing passwords?
Is possible "saving a video" about the user tasks?

Thanks in advance.
Fran Lopez.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  OT: IP of the originating machine from a gmail email, Ali, Saqib
Next by Date:  Re: Reflexive firewalls?, Nick Owen
Previous by Thread:  Re: RDP sniffing, krymson
Next by Thread:  RE: RDP sniffing, krymson
Indexes:  [Date] [Thread] [Top] [All Lists]