Re: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Kurt Buff
Well, you were obviously much more motivated and had more time to search than I did. Good find. Kurt On Thu, Nov 10, 2016 at 11:40 AM, Christopher Bodnar < christopher_bod...@glic.com> wrote: > OK, based on this, I think he is correct: > > > > I’ve been running a WireShark trace on a few DCs

RE: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Michael B. Smith
I thought I was right. ☺ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Christopher Bodnar Sent: Thursday, November 10, 2016 2:40 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2 OK, based

RE: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Christopher Bodnar
OK, based on this, I think he is correct: I’ve been running a WireShark trace on a few DCs today (2008 domains and 2012 domains), and not seeing any UDP 88 traffic. I did find this: https://technet.microsoft.com/en-us/library/cc738673(v=ws.10).aspx So

Re: [NTSysADM] LDAP Ping question

2016-11-10 Thread Kurt Buff
Dang, I completely forgot this. Don't necessarily need netmon for capturing: Netsh will capture packets too! https://isc.sans.edu/diary/19409 On Tue, Nov 8, 2016 at 6:57 AM, Christopher Bodnar < christopher_bod...@glic.com> wrote: > I was in the same boat, really never noticed this, until I had

Re: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Kurt Buff
I'd ask that colleague where he got the idea. I'm not seeing any documentation on this either. But, I did see this, which is interesting, even if unrelated: http://blogs.msmvps.com/acefekay/2016/11/01/active-directory-flexible-authentication-secure-tunneling-fast/ Kurt On Thu, Nov 10, 2016 at

Re: [NTSysADM] Managed Anti-Malware for Servers

2016-11-10 Thread Richard Stovall
I used Cylance at a previous employer and was very impressed. Bromium wouldn't sell to me because they weren't interested in anything fewer than 1000 licenses (or maybe it was 10,000). Cylance's minimum was 100 I think. On Thu, Nov 10, 2016 at 9:00 AM, James Rankin wrote: >

[NTSysADM] RE: Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Webster
My 2016 DC/DNS has both _tcp and _udp entries for _kerberos port 88. That's all the info I have. Thanks Carl Webster Citrix Technology Professional

[NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2

2016-11-10 Thread Christopher Bodnar
A colleague told me that these operating systems no longer use UDP 88 for Kerberos, that they only use TCP. Is that correct? If so, can someone point me to an MS document that discusses this? I've looked and haven't been able to find anything. I am aware that you can force Kerberos to use TCP:

RE: [NTSysADM] Managed Anti-Malware for Servers

2016-11-10 Thread James Rankin
Cylance looks awesome. But also awesomely expensive (£40/user per year!) Bromium is good stuff too – made even better because one of my favourite “honorary Englishmen” Dan Allen works there ☺ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster

RE: [NTSysADM] Managed Anti-Malware for Servers

2016-11-10 Thread Webster
Have you looked at Cylance or Bromium? Thanks Carl Webster Citrix Technology Professional

RE: [NTSysADM] Managed Anti-Malware for Servers

2016-11-10 Thread Kennedy, Jim
Not that I have seen, but I have not tested them all. We got hit with a very targeted attack with ransomware. We were fine with our regular defenses, but I was playing around looking at it and one of the things I did was try a few AV’s on it. From: listsad...@lists.myitforum.com