Well, you were obvious much more motivated and had more time to search than
I did.
Good find.
Kurt
On Thu, Nov 10, 2016 at 11:40 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
> OK, based on this, I think he is correct:
>
>
>
> I’ve been running a WireShark trace on a few DCs
I thought I was right. ☺
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Thursday, November 10, 2016 2:40 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2
OK, based
OK, based on this, I think he is correct:
I’ve been running a WireShark trace on a few DCs today (2008 domains and 2012
domains), and not seeing any UDP 88 traffic. I did find this:
[cid:image001.png@01D23B60.53FD8AF0]
https://technet.microsoft.com/en-us/library/cc738673(v=ws.10).aspx
So
Dang, I completely forgot this. Don't necessarily need netmon for capturing:
Netsh will capture packets too!
https://isc.sans.edu/diary/19409
On Tue, Nov 8, 2016 at 6:57 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
> I was in the same boat, really never noticed this, until I had
I'd ask that colleague where he got the idea. I'm not seeing any
documentation on this either.
But, I did see this, which is interesting, even if unrelated:
http://blogs.msmvps.com/acefekay/2016/11/01/active-directory-flexible-authentication-secure-tunneling-fast/
Kurt
On Thu, Nov 10, 2016 at
I used Cylance at a previous employer and was very impressed. Bromium
wouldn't sell to me because they weren't interested anything fewer than
1000 licenses (or maybe it was 10,000). Cylance's minimum was 100 I think.
On Thu, Nov 10, 2016 at 9:00 AM, James Rankin wrote:
>
My 2016 DC/DNS has both _tcp and _udp entries for _kerberos port 88. That's all
the info I have.
Thanks
Carl Webster
Citrix Technology Professional
A colleague told me that these operating systems no longer use UDP 88 for
Kerberos, that they only use TCP. Is that correct? If so, can someone point me
to an MS document that discusses this? I've looked and haven't been able to
find anything. I am aware that you can force Kerberos to use TCP:
Cylance looks awesome. But also awesomely expensive (£40/user per year!)
Bromium is good stuff too – made even better because one of my favourite
“honorary Englishmen” Dan Allen works there ☺
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Webster
Have you looked at Cylance or Bromium?
Thanks
Carl Webster
Citrix Technology Professional
Not that I have seen, but I have not tested them all. We got hit with a very
targeted attack with ransomware. We were fine with our regular defenses, but I
was playing around looking at it and one of the things I did was try a few AV’s
on it.
From: listsad...@lists.myitforum.com
11 matches
Mail list logo