Brian Vagnoni on 30 Aug 2008 18:08:53 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Question about Remote Desktop through a NAT


My argument here is that it takes time, lots of time and effort.
Penetrations don't always happen in a bolt from the blue. Attackers do
recon, a of recon. Recon isn't always invisible. The remote admin port being
open for a short time is an extremely low risk. You would literally have to
be sitting there at the precise moment and already have the users login
cred's to the router. You simply cannot brute force a strong password in 15
minutes on a standard wide area network. Then once the admin port closed you
are once again locked out especially if the router is rebooted at that point
and the connection broken. Even if you get through you still need to defeat
the OS' it's firewall, and cred's.

For example a "local" unix password file with John the Ripper on a 1.8ghz
dual cpu mac running osx took 8 days to crack an 8 character password.

Anyway I'm sure the list is already getting tired of this, I know I am. So
please if you want to continue this or anyone else for that matter please
let us take it off the list.

Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD  BD36 F29E 850D FC32 3955

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --