Security Basics mailing list archives
Re: RDP sniffing
From: krymson () gmail com
Date: 27 Dec 2007 22:19:16 -0000
I spent about an hour searching, but surprisingly have come up with very little. Over the years, MS must have done a decent job making sure RDP sessions are not only encrypted, but the session keys exchanged securely. Still, I was able to find this hardware solution. While it might not impact any risk assessment in regards to your normal attackers sniffing the network, it might indicate that this is still possible somehow. http://www.bmst.net/tech.htm#rdp If I couldn't get the client wrapped into ipsec or some other VPN, I could live with an RDP-only connection from client to the server in question. That's my own risk assessment, though, without any knowledge on how valuable or important your connection is... There are certainly worse ways to achieve remote connections. <- snip ->
Is possible sniffing RDP in a switched LAN? Is possible capturing passwords? Is possible "saving a video" about the user tasks? Thanks in advance. Fran Lopez.
Current thread:
- Re: RDP sniffing, (continued)
- Re: RDP sniffing Nobody Special (Dec 27)
- Re: RDP sniffing MaddHatter (Dec 28)
- Re: RDP sniffing MaddHatter (Dec 31)
- RDP Encryption Level (was RE: RDP sniffing) Rui Pereira (WCG) (Dec 31)
- RE: RDP Encryption Level (was RE: RDP sniffing) Anich, Ryan L. (Dec 31)
- Message not available
- Re: RDP sniffing Fran Lopez (Dec 27)
- RE: RDP sniffing Lenny Hansson (Dec 31)
- RE: RDP sniffing Timmothy Lester (Dec 28)