[July 2003]      

Access Denied: Cracking Kerberos Packets

        

Randy Franklin Smith

Access Denied

InstantDoc #39242

Security Administrator

Can you sniff Kerberos packets and crack them to obtain the user's password, as you can by using @stake's LC4 on Windows NT LAN Manager (NTLM) packets?


Although stronger than NTLM, Kerberos is still based on user passwords. A weak user password remains vulnerable even if your Windows XP or Windows 2000 workstation uses Kerberos to authenticate to the domain controller (DC). Arne Vidstrom wrote a Kerberos sniffer and cracker, KerbCrack (http://ntsecurity.nu/toolbox/kerbcrack), that demonstrates this vulnerability.


You have a few options for protecting yourself from attackers who might sniff and crack NTLM or Kerberos authentication traffic either on your intranet or on the Internet. One option is to try to convince your users to select strong, hard-to-guess passwords, enforce minimum password lengths and password complexity, then back up those measures by periodically using a password cracker such as LC4 to audit password strength. However, this method is a lot of work and usually isn't successful because users resist selecting strong passwords. Some organizations try to secure their internal networks against password sniffing by implementing a fully switched network so that each computer receives only the packets destined for it. However, attackers can use Address Resolution Protocol (ARP) redirects to sniff across switches or can hack switches.


Want to read more? This is a subscriber-only article available to Security Administrator subscribers. Log on below or subscribe now.


Log On    Help

Username:

Password:

    Remember Me

SubmitSubmit

Forgot my username/password


Help! I have a Contact ID but not a username & password


New Users

If you are not currently a subscriber, you may gain access to this article and others like it by choosing one of these options:


    Registration Level (FREE)

Complete a simple, one-time registration process, and you be able to:

      • View important selected articles on our network

      • Participate in our technical forums

      • Receive exclusive discounts for 25% off Windows & .NET Magazine and 25% off our print newsletters

      • Download your choice of eBook covering scripting, PKI, or Active Directory    

    Print Subscriber Level

[Show Security offers]    


    SuperCD/VIP Level

Super CD/VIP members get it all! Super CD/VIP level benefits include access to every article on our network, including VIP-exclusive articles that can't be found anywhere else.    


 Sponsored Links

 • Free IDC white paper about Active Directory adoption!

 • CommVault - Free White Paper – Managing the Infinite Inbox

 • Integrate FAX with Exchange/Outlook (Free Whitepaper & ROI)

 • Is your Exchange data protected? Free whitepaper learn how.

 • Free! 'Admins Shortcut Guide to Email Protection' from Sybari

 • The world's #1 webhost is here. Get 3 years free.

 • Comparison Paper: The Argent Guardian Easily Beats Out MOM

 • Deploy a wireless LAN with solutions and products from Intel

    

Featured Links

 • Get a free sample issue of Windows & .NET Magazine

 • Get the latest SQL Server 2000 system table map poster here!

 • How to Pick the Right Anti-Spam Solution: Free Web Seminar

 • Try a sample issue of Windows Scripting Solutions - free!

 • Register now - free web seminar: Patch Managment

 • Visit IT Buyer’s Network : find rebates, search products!

 • Understanding Identity Management - Free Web Seminar!

  Our Other Websites:   CertTutor   |   Connected Home   |   JSI FAQ   |   IT Library/eBooks   |   SuperSite   |   Windows FAQ   |   WinInfo News


Home   |   Subscribe / Register   |   About Us   |   Contact Us / Customer Service   |   Affiliates / Licensing   |   Press Room   |   Media Kit


Windows & .NET Magazine Network is a Division of Penton Media Inc.

Copyright © 2003 Penton Media, Inc., All rights reserved. Legal | Privacy Policy

http://www.win2000mag.net/

http://www.win2000mag.net/forums

http://www.win2000mag.net/WindowsSecurity/Article/ArticleID/39242/39242.html

http://www.win2000mag.net/WindowsSecurity/Article/ArticleID/22791/22791.html

http://www.win2000mag.net/Channels/Windows2000/

http://www.win2000mag.net/Channels/WebAdmin/