One of the mainstays of an NT network is MS Exchange. Last
time I checked our config, Exchange won't run without WINS.
Adam Shostack wrote:
>
> This is true, and mostly irrelevant, because there are almost no
> networks without Win9x on them, and NT can't be configured to use only
> NTLM hashes without stopping access from Win9x. This is because MS
> declines to release a patch to those OSs to use a reasonable
> authentication method.
>
> Adam
>
> On Thu, Jun 10, 1999 at 03:29:53PM +1000, John Wiltshire wrote:
> | > http://www.microsoft.com/security/downloads/ITSEC_NT4.0_Installation.EXE
> | > "What the user does not see are internal workings, such as the
> | > system-level encryption of their password so that it is never
> | > passed over
> | > the wire in clear text."
> | >
> | > What they would see is the LanMan hash, the entire Keyspace
> | > of which can
> | > be brute forced on an UltraSparc in a few hours with l0pht Crack. (see
> | > http://www.l0pht.com )
> |
> | FUD. NT can easily be configured to never send the LanMan hash. In fact,
> | in the configuration we are talking about, you disable the "Server" and
> | "Workstation" services anyway so no one can get an SMB connection or any
> | hash at all from the machine.
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
John Stewart
SUPSHIP San Diego
Information Systems Security Mgr
--------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
