This attack can not be prevented by NTLMv2, because in a same way
attacker can relay server's response. This kind of attack is possible
because of pass-through authentication. This attack may be prevented by
SMB signing, which is available since SP3.
Kerberos does not prevent this attack too, because Kerberos is not
mandatory. Attacker can initiate NTLM with both client and server.
3APA3A. MCSE. MCT.
--Tuesday, April 22, 2003, 1:41:49 AM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
JJ> You don't need to wait. This is prevented with NTLM v.2, which shipped
JJ> with Windows NT 4.0 SP4 in October 1998. This type of attack is also
JJ> foiled with Kerberos, which is negotiated by default in a Windows 2000
JJ> or higher domain.
JJ> To learn more about using NTLM v.2 and Kerberos, refer to the Windows
JJ> Jesper M. Johansson
JJ> Security Program Manager
JJ> Microsoft Corporation
This attack can not be prevented by NTLMv2, because in a same way
attacker can relay server's response. This kind of attack is possible
because of pass-through authentication. This attack may be prevented by
SMB signing, which is available since SP3.
Kerberos does not prevent this attack too, because Kerberos is not
mandatory. Attacker can initiate NTLM with both client and server.
3APA3A. MCSE. MCT.
--Tuesday, April 22, 2003, 1:41:49 AM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
JJ> You don't need to wait. This is prevented with NTLM v.2, which shipped
JJ> with Windows NT 4.0 SP4 in October 1998. This type of attack is also
JJ> foiled with Kerberos, which is negotiated by default in a Windows 2000
JJ> or higher domain.
JJ> To learn more about using NTLM v.2 and Kerberos, refer to the Windows
JJ> Jesper M. Johansson
JJ> Security Program Manager
JJ> Microsoft Corporation
--
~/ZARAZA
Æàëî ìíå íå ïîíàäîáèòñÿ (Ñ. Ëåì)
[ reply ]