[wpkg-users] security issues

Marco Gaiarin gaio at sv.lnf.it
Mon Jun 11 09:27:07 CEST 2007


Mandi! Florian Klaempfl
  In chel di` si favelave...

> Is this a real issue? Having the ability to connect a machine with admin
> access to the network (this is required to setup a fake server) offers a
> lot of other possible DoS attacks (formatting a hard disk of a client PC
> is no more than a DoS attack to this machine).

I'm exactly thinking about this.

On a 'old domain' (NT4, Samba, W2k in compatibility mode) there's still
a 'machine account' that have to be setted up, and the machine account
have to be initialized with an administrator password (eg, someone in
Domain Admins group).

But if i've got an account in Domain Admins, nothing in the windows lan
are secure. At this point, using WPKG or not using WPKG it is only a
choiche of the attacker, that have *FULL* control of the lan...
I'm not aware of the existence of attacks to the 'machine account' of
NT4/samba.


The question, for me, is another: is the 'workgroup' a supported
environment for WPKG?
If yes, some sort of 'authentication' have to be implemented, or at
least state that a 'share level' password in the share are a minimum
requirement.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797


wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users



More information about the wpkg-users mailing list