Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows :: win4859.htm

Eventlog deception
15th Nov 2001 [SBWID-4859]

	Eventlog deception


	 Windows 2000 (All service pack levels) 

	 Windows XP



	Based      on      Xato      Network      Security      advisory      at
	[] :

	Terminal Server records client connection not based on  the  TCP  header
	IP adress,  but  on  the  datagram  of  Remote  Desktop  Protocol  which
	includes client name and IP.

	Hence it is possible to fool the logs of the TSE server by modifying  Ip
	value passed on in RDP.


	Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH