Security Basics mailing list archives
RE: RDP Encryption Level (was RE: RDP sniffing)
From: "Anich, Ryan L." <RAnich () smdc org>
Date: Mon, 31 Dec 2007 12:04:25 -0600
I think this might be found useful for some.... Go here and search for RDP http://thelazyadmin.com This shows how to set up SSL and self signed certs. Identifying encryption level might be tricky from an RDP session request unless they are on a higher level which would then require you to be set the same otherwise it will disconnect you. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rui Pereira (WCG) Sent: Monday, December 31, 2007 11:09 AM To: security-basics () securityfocus com Subject: RDP Encryption Level (was RE: RDP sniffing) While we're talking RDP, does anyone know how to identify the encryption level in use, remotely? Thank You Rui -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of MaddHatter Sent: December 28, 2007 5:28 PM To: security-basics () securityfocus com Subject: Re: RDP sniffing
Windows RDP is encrypted. ...
I forgot to mention that RDP is vulnerable to a man-in-the-middle attack. (That is, if you're not using certificates, which as I mentioned I haven't looked into at all.) No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.12/1203 - Release Date: 30/12/2007 11:27 AM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.12/1203 - Release Date: 30/12/2007 11:27 AM This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. As required by federal and state laws, you need to hold this information as privileged and confidential. If you have received this communication in error, please notify the sender and destroy all copies of this communication and any attachments.
Current thread:
- RDP sniffing Fran Lopez (Dec 26)
- Re: RDP sniffing Stewart Gray (Dec 27)
- Re: RDP sniffing Nobody Special (Dec 27)
- Re: RDP sniffing MaddHatter (Dec 28)
- Re: RDP sniffing MaddHatter (Dec 31)
- RDP Encryption Level (was RE: RDP sniffing) Rui Pereira (WCG) (Dec 31)
- RE: RDP Encryption Level (was RE: RDP sniffing) Anich, Ryan L. (Dec 31)
- Re: RDP sniffing Stewart Gray (Dec 27)
- Re: RDP sniffing Fran Lopez (Dec 27)
- RE: RDP sniffing Lenny Hansson (Dec 31)
- <Possible follow-ups>
- Re: Re: RDP sniffing kurt . kessler (Dec 28)
- Re: RDP sniffing krymson (Dec 28)
- RE: RDP sniffing Timmothy Lester (Dec 28)
- RE: RDP sniffing krymson (Dec 31)