• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

How safe can RDP really be?

NEODARK

Gawd
Joined
Aug 10, 2004
Messages
1,002
I have a small question,

I need to be able to connect to my home box with MS' RDP. THe home box has XP Pro w/SP2 on it, and my work box is running 2K with the RDP client installed.

Using different clients like TVNC or the like is out of the question as I can only use the "microsoft client" on my work box.

My home box is behind a router/spi and has its software firewall and account is protected by a STRONG pass phrase. (symbols, numbers, spaces, etc...)

So que question is, how secure is RDP by itself? (Im also going to change the port on server/client so its not the default.)

thanks for your help. :D
 
Outside of establishing an VPN setup. It sounds like you've ht the key points. RDP is encrypted itself too.
 
from here: http://www.workthin.com/
Is it safe to allow employees to connect directly (over the Internet) to Windows Terminal Services, without using a VPN? Yes. By default, connections to terminal servers are secured by 128-bit, bi-directional RC4 encryption—when used with a client that supports 128-bit. (RDC is 128-bit by default). It is possible to connect with older clients using encryption lower than 128-bit, unless it’s specified that only high-encryption clients are allowed. An additional encryption level, labeled “FIPS Compliant” has been added to Terminal Server in Windows Server 2003. This level of security encrypts data sent from the client to the server, and from the server to the client, with the Federal Information Processing Standard (FIPS) encryption algorithms using Microsoft cryptographic modules. This new level of encryption is designed to provide compliance for organizations that require systems to be compliant with FIPS 140-1 (1994) and FIPS 140-2 (2001) standards for Security Requirements for Cryptographic Modules.
 
You could probably set up your software router to only allow RDP to listen from selective ips (kerio 2.1.5 will do this.) It doesn't prevent your password being sniffed somewhere along the internet if RDP has some insecurities, but tunelling would solve that.
 
for home use i think it's probably safe enough. my post was only meant to point out that the session is encrypted- by no means is it the best encryption available, and you should still run it through a VPN in a business environment.

in order to exploit this vulnerability you are going to need to fool the client into thinking it is connecting to the server when in reality it is connecting to your machine instead. this means perhaps arp poisoning on the local network. for a remote host DNS poisoning would work, but if you always connect to home using your home IP address this should not be an issue.

you could also send ICMP redirect pkts to the client to get them to route pkts bound for the terminal server to your machine. this is only going to work in situations where there is basically no firewall protecting the client though. no one should be allowing ICMP redirects into their network in this day and age.

does anyone else know how to implement this attack?

in any case, the attack is difficult, but possible. i'll have to check out C&A.

thanks for the post hokatichenci.
 
anyone want to chime in on this mental hacking excercise? i'd like to know if anyone has any other ideas on how to implement the attack, or if there are problems with the methods i listed.

TIA
 
Back
Top