Penetration Testing mailing list archives
RE: Mitigate FTP
From: "Pete.LeMay" <pete.lemay () whro org>
Date: Fri, 17 Oct 2008 09:33:13 -0400
With AD based accounts, the ftp login should be "domain\user". By only supplying the username IIS checks the local machine accounts. Pete -----Original Message----- From: Gary E. Miller [mailto:gem () rellim com] Sent: Friday, October 17, 2008 1:42 AM To: Pete.LeMay Cc: Sarah Wahl; pen-test () securityfocus com Subject: RE: Mitigate FTP -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Pete! On Thu, 16 Oct 2008, Pete.LeMay wrote:
The other password option is to make the users accounts Active
Directory
based. I've only seen dictionary attacks against local accounts...
How does the attacker see AD passwords different than local passwords? All the ftp attacker sees is a username/password prompt. RGDS GARY - ------------------------------------------------------------------------ --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFI+CWpBmnRqz71OvMRAmMwAJ9RMZ8k7yHb/07kNuB/dkFP0GviegCdG1r/ XlaVNyBs5x2fv7a/N9S71hA= =hMm7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Re: Mitigate FTP, (continued)
- Re: Mitigate FTP Taufiq Ali (Oct 15)
- Re: Mitigate FTP Matt - MRS Security (Oct 15)
- Re: Mitigate FTP Taufiq Ali (Oct 15)
- RE: Mitigate FTP Pete.LeMay (Oct 14)
- Re: Mitigate FTP Shreyas Zare (Oct 14)
- Re: Mitigate FTP ॐ aditya mukadam ॐ (Oct 15)
- Re: Mitigate FTP Sarah Wahl (Oct 16)
- RE: Mitigate FTP Thakrar, Saurabh (Oct 16)
- RE: Mitigate FTP Gary E. Miller (Oct 16)
- RE: Mitigate FTP Pete.LeMay (Oct 17)
- RE: Mitigate FTP Gary E. Miller (Oct 17)
- RE: Mitigate FTP Pete.LeMay (Oct 17)
- RE: Mitigate FTP Thakrar, Saurabh (Oct 16)
- Re: Mitigate FTP Augusto Augusto (Oct 17)