Terminal Service Denial of Service
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Basically an attacker using NMap at the same time utilizing a SYN scan method
could cause Terminal Services to restart.
Are there any possible remediations for this vulnerability?
Thanks.
Sal
Basically an attacker using NMap at the same time utilizing a SYN scan method
could cause Terminal Services to restart.
Are there any possible remediations for this vulnerability?
Thanks.
Sal
More about : terminal service denial service
Archived from groups: microsoft.public.win2000.security (More info?)
Sal wrote:
> Basically an attacker using NMap at the same time utilizing a SYN
> scan method could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
Not sure - this isn't really my area, but note that TS questions are best
asked in m.p.windows.terminal_services....you may get a lot more help there.
Also provide more detail about your setup - firewall, VPN (if used), etc....
Sal wrote:
> Basically an attacker using NMap at the same time utilizing a SYN
> scan method could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
Not sure - this isn't really my area, but note that TS questions are best
asked in m.p.windows.terminal_services....you may get a lot more help there.
Also provide more detail about your setup - firewall, VPN (if used), etc....
Archived from groups: microsoft.public.win2000.security (More info?)
You can use a VPN to connect to TS and possibly a firewall could deter the
attack or modifiyng the tcp/ip parameters on the TS. The links below have
more details on what tcp/ip parameters can be hardened via the registry.
For instance Set SynAttackProtect to 2 could be implemented. --- Steve
http://www.microsoft.com/technet/itsolutions/network/de...
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120642&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;q315669&sd=tech
"Sal" <Sal@discussions.microsoft.com> wrote in message
news![:D]( ":D")
74559E3-8791-4C6E-B031-369D4C00CA85@microsoft.com...
> Basically an attacker using NMap at the same time utilizing a SYN scan
> method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
You can use a VPN to connect to TS and possibly a firewall could deter the
attack or modifiyng the tcp/ip parameters on the TS. The links below have
more details on what tcp/ip parameters can be hardened via the registry.
For instance Set SynAttackProtect to 2 could be implemented. --- Steve
http://www.microsoft.com/technet/itsolutions/network/de...
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120642&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;q315669&sd=tech
"Sal" <Sal@discussions.microsoft.com> wrote in message
news
74559E3-8791-4C6E-B031-369D4C00CA85@microsoft.com...> Basically an attacker using NMap at the same time utilizing a SYN scan
> method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
Archived from groups: microsoft.public.win2000.security (More info?)
"Sal" <Sal@discussions.microsoft.com> wrote in message
news![:D]( ":D")
74559E3-8791-4C6E-B031-369D4C00CA85@microsoft.com...
> Basically an attacker using NMap at the same time utilizing a SYN scan
method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
Did you google? Where did you read about this? Is there a CVE number or
BID number? If you're talking about this vulnerability:
http://www.securityfocus.com/bid/5376/discussion/
http://www.winnetmag.com/Article/ArticleID/37878/37878....
"The discoverer posted a workaround for Windows 2000 that suggests removing
all permissions on msgina.dll for Power Users, Users, and Everyone."
Not to be cold, but there are a large number of ways someone could DoS you,
and it seems unlikely that anyone would perform this old attack against you
to do it.
Are you really sure you want to be making Terminal Services available from
the Internet? I agree that keeping this port closed at the firewall and
forcing Internet users to VPN or dial into the network first to do TS may be
preferable.
Presumably Microsoft may have already investigated this and may have
determined that it was not feasible to code a solution.
kind regards,
Karl Levinson, CISSP, MCSE, MS MVP Security
levinson_k@despammed.com
"Sal" <Sal@discussions.microsoft.com> wrote in message
news
74559E3-8791-4C6E-B031-369D4C00CA85@microsoft.com...> Basically an attacker using NMap at the same time utilizing a SYN scan
method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
Did you google? Where did you read about this? Is there a CVE number or
BID number? If you're talking about this vulnerability:
http://www.securityfocus.com/bid/5376/discussion/
http://www.winnetmag.com/Article/ArticleID/37878/37878....
"The discoverer posted a workaround for Windows 2000 that suggests removing
all permissions on msgina.dll for Power Users, Users, and Everyone."
Not to be cold, but there are a large number of ways someone could DoS you,
and it seems unlikely that anyone would perform this old attack against you
to do it.
Are you really sure you want to be making Terminal Services available from
the Internet? I agree that keeping this port closed at the firewall and
forcing Internet users to VPN or dial into the network first to do TS may be
preferable.
Presumably Microsoft may have already investigated this and may have
determined that it was not feasible to code a solution.
kind regards,
Karl Levinson, CISSP, MCSE, MS MVP Security
levinson_k@despammed.com
Archived from groups: microsoft.public.win2000.security (More info?)
Thank You all for the repsonses.
"Sal" wrote:
> Basically an attacker using NMap at the same time utilizing a SYN scan method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
Thank You all for the repsonses.
"Sal" wrote:
> Basically an attacker using NMap at the same time utilizing a SYN scan method
> could cause Terminal Services to restart.
>
> Are there any possible remediations for this vulnerability?
>
> Thanks.
> Sal
Related ressources:
- ForumDenial of service attacks
- ForumRDP Denial of Service in XP Pro
- ForumLinksys Multiple Models - Denial Of Service Vulnerability
- ForumNewbie: Denial of Service Attack against NAT router
- ForumIn service .msc -my terminal services is not showing
- ForumUrgent - Win XP Terminal Service (remote desktop connection)
- ForumTerminal service error 1079 when trying to start service win 2008
- ForumHelp terminal service
- Forumrunning terminal service on windows xp?
- ForumTerminal service Client Access
- ForumParallel and com ports not appearing in device manager
- ForumDisable "Allow logon to terminal server"
- ForumMSXML 2.6 Service Pack 3
- ForumTerminal Services (Administration mode) Security
- ForumDenial of Download of Office 2000
- ForumService Pack 4 Problem
- ForumService Account Authority
- ForumLog on as a service - How to give this right to a user
- ForumASP.NET service fail to start during bootup but succeed la..
- ForumTerminal Services + IPsec using certificates?
- More resources
!
