Date: Wed, 19 May 1999 12:37:26 +0930 (CST)
From: Kris Kennaway
To: Steve Price
Cc: freebsd-chat@freebsd.org
Subject: Re: how secure is NT?

On Tue, 18 May 1999, Steve Price wrote:

> I just got the strangest request. Today while at a customer's
> facility I was given the IP address of an NT box and was asked
> to try to break into it. All he told me about the box was that
> it was using NT 4.0 and was running a VPN. Does anyone have any
> ideas or pointers to known NT exploits?

Reading the NT service pack changelogs should give you a good idea of which DoS/exploit bugs were fixed in each. In particular, there was an FTP buffer overflow fixed in the most recent SP5 which potentially allows remote access (there's probably a shell script around which takes care of this).

You mentioned VPN - if it's Microsoft's PPTP, then you're in luck - see http://www.counterpane.com/pptp.html. Microsoft's implementation of PPTP is so badly broken that anyone considering using it in a real network should be taken into a back room and quietly pummeled until they change their mind.

Kris

-----
"That suit's sharper than a page of Oscar Wilde witticisms that's been rolled up into a point, sprinkled with lemon juice and jabbed into someone's eye"
"Wow, that's sharp!"
    - Ace Rimmer and the Cat, _Red Dwarf_