Security Basics mailing list archives
RE: Remote Desktop vs VPN on Windows 2003
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 19 Jan 2005 12:46:58 -0500
Besides mail bombing me...which isn't really hacking...it's just annoying...tell me exactly what you plan to hack on me next? I didn't invite the world to hack me...just to find a port. 99.9% of the interested parties didn't find the port. But contest is over, winner announced. I don't have to invite the world to hack me...they visit Cox's network billions a times a day. You've found that...ohh...I'm running a mail server. Oh, that's so different from a regular business environment, how? How could I have been so foolish. Paris, do you somehow believe that because you didn't go on a security list and invite people to port scan your business that they aren't visiting you every day? I got more eyes to visit maybe, but who knows. I don't know your normal traffic scans. Paris, from here on out, let's you and leave the list out of it. I'll be glad to correspond to you off list for as long as you like. Roger -----Original Message----- From: Paris E. Stone [mailto:pstone () alhurra com] Sent: Wednesday, January 19, 2005 11:45 AM To: Roger A. Grimes; Ansgar -59cobalt- Wiechers; security-basics () securityfocus com Subject: RE: Remote Desktop vs VPN on Windows 2003 So this box you offered up, is in fact hosted by Cox, on a cable segment, and also receives mail for your domain. Man, you are crazy! "Come hack at my mail server." Seriously, what other security measures are in place? Because you opened the door, and have insecure services on the internet, and it is a box that you get your mail at. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nice banner changeup too. telnet mail.banneretcs.com 25 yields: 220 Microsoft FTP Services 6.0223 ehlo 501 Syntax: EHLO hostname helo 501 Syntax: HELO hostname So the SMTP port says it is FTP, but answers to SMTP commands. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nslookup output below. N:\>nslookup Default Server: ############## Address: ###########
set q=any banneretcs.com
Server: ############# Address: ############# Non-authoritative answer: banneretcs.com nameserver = ns1.coxmail.com banneretcs.com nameserver = ns2.coxmail.com
set q=mx banneretcs.com
Server: ############ Address: ############# Non-authoritative answer: banneretcs.com MX preference = 10, mail exchanger = mail.banneretcs.com
set q=a mail.banneretcs.com
Server: ########## Address: ########## Non-authoritative answer: Name: banneretcs.com Address: 68.106.158.136 Aliases: mail.banneretcs.com
banneretcs.com
Server: ############# Address: ############# Non-authoritative answer: Name: banneretcs.com Address: 68.106.158.136
-----Original Message----- From: Roger A. Grimes [mailto:roger () banneretcs com] Sent: Tuesday, January 18, 2005 10:02 PM To: Paris E. Stone; Ansgar -59cobalt- Wiechers; security-basics () securityfocus com Subject: RE: Remote Desktop vs VPN on Windows 2003 I appreciate what you are both saying...but security is always a trade off of security vs. usability. RDP does not have a known vulnerability against it...you mention RC4...but again...until I hear that RDP is exploitable again, it's a great tool for me to use. If I'm running a NASA server or something top secret, I might need a more secure tool...but I'm pretty sure I'm not going to be running SSH either. If I need high security, I can also require the use of a smart card to use RDP. Also, if my background is strong Windows and weak on Unix and Unix-ported tools...why not stay with secure Windows tool? I love using open source and Unix-ported tools...but if the Windows tool can do the same or better job, why not use the free tools in the system? -----Original Message----- From: Paris E. Stone [mailto:pstone () alhurra com] Sent: Tuesday, January 18, 2005 3:30 PM To: Ansgar -59cobalt- Wiechers; security-basics () securityfocus com Subject: RE: Remote Desktop vs VPN on Windows 2003 As was my original post, avoid naked RDP on the internet at all costs. Secure it with other means. -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Tuesday, January 18, 2005 9:01 AM To: security-basics () securityfocus com Subject: Re: Remote Desktop vs VPN on Windows 2003 On 2005-01-17 Roger A. Grimes wrote:
I don't think RC4, by itself is weak...it's specific implementations of RC4 (like in WEP).
No. It's an algorithm problem, not an implementation problem.
Yes, RDP did have an RC4 vulnerability in 2002, but it was patched. SSH had an RC4 vulnerability just a few months before RDP did (in 2001). Both are patched now.
The "patch" for SSH was to completely remove RC4 support. I don't think RDP was patched the same way (but I would welcome anyone to prove me wrong here).
SSH seems to get hacked at least once a year.
True. But that's because of implementation problems, not because of problems with the underlying encryption algorithms. Implementation problems can be (more or less) easily patched. [...]
RDP is free (for W2K and above),
Well, it's not really free, but I think I know what you mean.
remote client can be nearly anything (especiallly with RDP ActiveX control),
Requiring IE which one usually wants to avoid.
its encrypted,
Using a weak algorithm.
fast, has kick butt Edit-Copy, Edit-Paste features, remote printing (not so hot), drive mapping, etc.
True.
RDP is arguably running on more Windows enterprise servers than any alternative but SSH (and maybe PC Anywhere), and it has not had a public exploit demonstrated since 2002. I'd say it is a strong candidate for consideration.
Please re-read my post. I was not suggesting to avoid RDP, but to tunnel RDP connections through e.g. SSH, which can be easily done. That way you have RDP *and* strong encryption. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
Current thread:
- RE: Remote Desktop vs VPN on Windows 2003, (continued)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- Re: Remote Desktop vs VPN on Windows 2003 Ansgar -59cobalt- Wiechers (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Frank Hamersley (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Paris E. Stone (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Paris E. Stone (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Frank Hamersley (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- Re: Remote Desktop vs VPN on Windows 2003 Ansgar -59cobalt- Wiechers (Jan 19)
- Re: Remote Desktop vs VPN on Windows 2003 Michael Gale (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Conlan Adams (Jan 20)
- heroes Dave Aronson (Jan 24)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Nero, Nick (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)