Security Basics mailing list archives
RE: A different question RE: Windows Remote Desktop
From: "Gunn, Jeff" <Jeff.Gunn () FMR COM>
Date: Fri, 16 Jan 2004 13:44:22 -0500
Dave - Can you give us the exact error? Something I couldn't quite get from your description below was if the remote users could log in okay, but got an error when trying to sniff, or if they couldn't log in properly anymore. If the app itself is giving the error, then it still might be a permissions issue; there are a few things that behaving differently between a console session and a remote session (although usually it doesn't matter). Unless you know exactly what your sniffer app is trying to do and how it's trying to do it, they first thing I would do is grab a copy of the FileMon and RegMon utilities from Sysinternals.com and run them while attempting the operation. These utilities will tell you is any kind of failure (file not found, permission denied, etc) in accessing files or registry keys is happening in the background. It can be very enlightening. -Jeff
-----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Thursday, January 15, 2004 7:37 PM To: security-basics () securityfocus com Subject: A different question RE: Windows Remote Desktop We don't allow RDP to/from off-site locations, but we've been using it to allow a couple of folks to, from their office desktops, connect to strategically placed servers to sniff specific network segments. This worked fine from sometime in September until the Christmas/New Year's break, during which we had a scheduled power shutdown. Everything came back on after the shutdown, and most boxes involved have been rebooted individually since. But although sniffing still works fine from the server console, RDP clients get a general-purpose error message that seems to indicate that they don't have the necessary permissions, or there's some other kind of problem, with the adapter that connects to the sniffed segment. Since sniffing from the console works, we know it's not an adapter or port configuration issue, or a switch port issue. Since several privileged accounts, including Administrator, *can* sniff from the console but not from an RDP session, we're convinced it's not an account privileges issue. And since it worked before the power shut-down, we know it can be made to work. Has anyone who works more extensively with RDP seen anything similar? Or have you a useful theory that might help explain what we're seeing? Dave Gillett -------------------------------------------------------------- ------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- RE: A different question RE: Windows Remote Desktop Shawn Jackson (Jan 16)
- <Possible follow-ups>
- RE: A different question RE: Windows Remote Desktop Gunn, Jeff (Jan 16)