Terminal Service Denial of Service

Guest

Basically an attacker using NMap at the same time utilizing a SYN scan method
could cause Terminal Services to restart.

Are there any possible remediations for this vulnerability?

Thanks.
Sal
 
Lanwench [MVP - Exchange]

Sal said:
Basically an attacker using NMap at the same time utilizing a SYN
scan method could cause Terminal Services to restart.

Are there any possible remediations for this vulnerability?

Thanks.
Sal

Not sure - this isn't really my area, but note that TS questions are best
asked in m.p.windows.terminal_services....you may get a lot more help there.
Also provide more detail about your setup - firewall, VPN (if used), etc....
 
Steven L Umbach

You can use a VPN to connect to TS and possibly a firewall could deter the
attack or modifying the tcp/ip parameters on the TS. The links below have
more details on what tcp/ip parameters can be hardened via the registry.
For instance, setting SynAttackProtect to 2 could be implemented. --- Steve

http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120642&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;q315669&sd=tech
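
An added example, not part of any post in this thread: a PowerShell audit for the SynAttackProtect setting suggested above, which reports the current state and writes the value only when asked. The function name Test-SynAttackProtect is hypothetical; the script assumes the standard Tcpip\Parameters registry key and an elevated prompt.

```powershell
# Added example: audit (and optionally set) SynAttackProtect on a terminal server.
# The value is read by the Windows 2000 / Server 2003 TCP/IP stack.
function Test-SynAttackProtect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateRange(0, 2)]
        [int]$Desired = 2,   # value suggested in the post above
        [switch]$Fix         # write the value when it is missing or different
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $name = 'SynAttackProtect'

    # An absent value means the operating system default is in effect.
    $item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.$name } else { $null }

    $compliant = ($null -ne $current) -and ([int]$current -eq $Desired)

    if (-not $compliant -and $Fix) {
        # ShouldProcess makes -WhatIf and -Confirm work for the registry write.
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set REG_DWORD to $Desired")) {
            # -Force replaces an existing value, including one of the wrong type.
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $Desired -Force | Out-Null
            $current   = $Desired
            $compliant = $true
        }
    }

    $shown = if ($null -eq $current) { '(not set)' } else { $current }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $name
        Current   = $shown
        Desired   = $Desired
        Compliant = $compliant
        Note      = 'TCP/IP registry changes take effect after a restart'
    }
}

Test-SynAttackProtect                  # report only, changes nothing
# Test-SynAttackProtect -Fix -WhatIf   # preview the registry write
# Test-SynAttackProtect -Fix           # apply it
```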
 
Karl Levinson, mvp

Basically an attacker using NMap at the same time utilizing a SYN scan method
could cause Terminal Services to restart.

Are there any possible remediations for this vulnerability?

Did you google? Where did you read about this? Is there a CVE number or
BID number? If you're talking about this vulnerability:

http://www.securityfocus.com/bid/5376/discussion/
http://www.winnetmag.com/Article/ArticleID/37878/37878.html

"The discoverer posted a workaround for Windows 2000 that suggests removing
all permissions on msgina.dll for Power Users, Users, and Everyone."

Not to be cold, but there are a large number of ways someone could DoS you,
and it seems unlikely that anyone would perform this old attack against you
to do it.

Are you really sure you want to be making Terminal Services available from
the Internet? I agree that keeping this port closed at the firewall and
forcing Internet users to VPN or dial into the network first to do TS may be
preferable.

Presumably Microsoft may have already investigated this and may have
determined that it was not feasible to code a solution.


kind regards,

Karl Levinson, CISSP, MCSE, MS MVP Security