Access Denied: Cracking Kerberos Packets
Randy Franklin Smith
Can you sniff Kerberos packets and crack them to obtain the user's password, as you can by using @stake's LC4 on Windows NT LAN Manager (NTLM) packets?
Although stronger than NTLM, Kerberos is still based on user passwords. A weak user password remains vulnerable even if your Windows XP or Windows 2000 workstation uses Kerberos to authenticate to the domain controller (DC). Arne Vidstrom wrote a Kerberos sniffer and cracker, KerbCrack (http://ntsecurity.nu/toolbox/kerbcrack), that demonstrates this vulnerability.
You have a few options for protecting yourself from attackers who might sniff and crack NTLM or Kerberos authentication traffic either on your intranet or on the Internet. One option is to try to convince your users to select strong, hard-to-guess passwords, enforce minimum password lengths and password complexity, then back up those measures by periodically using a password cracker such as LC4 to audit password strength. However, this method is a lot of work and usually isn't successful because users resist selecting strong passwords. Some organizations try to secure their internal networks against password sniffing by implementing a fully switched network so that each computer receives only the packets destined for it. However, attackers can use Address Resolution Protocol (ARP) redirects to sniff across switches or can hack switches.
Want to read more? This is a subscriber-only article available to Security Administrator subscribers. Log on below or subscribe now.
Log On Help
Forgot my username/password
Help! I have a Contact ID but not a username & password
If you are not currently a subscriber, you may gain access to this article and others like it by choosing one of these options:
Registration Level (FREE)
Complete a simple, one-time registration process, and you be able to:
• View important selected articles on our network
• Participate in our technical forums
• Receive exclusive discounts for 25% off Windows & .NET Magazine and 25% off our print newsletters
• Download your choice of eBook covering scripting, PKI, or Active Directory
Print Subscriber Level
[Show Security offers]
Super CD/VIP members get it all! Super CD/VIP level benefits include access to every article on our network, including VIP-exclusive articles that can't be found anywhere else.
• Free IDC white paper about Active Directory adoption!
• CommVault - Free White Paper – Managing the Infinite Inbox
• Integrate FAX with Exchange/Outlook (Free Whitepaper & ROI)
• Is your Exchange data protected? Free whitepaper learn how.
• Free! 'Admins Shortcut Guide to Email Protection' from Sybari
• The world's #1 webhost is here. Get 3 years free.
• Comparison Paper: The Argent Guardian Easily Beats Out MOM
• Deploy a wireless LAN with solutions and products from Intel
• Get a free sample issue of Windows & .NET Magazine
• Get the latest SQL Server 2000 system table map poster here!
• How to Pick the Right Anti-Spam Solution: Free Web Seminar
• Try a sample issue of Windows Scripting Solutions - free!
• Register now - free web seminar: Patch Managment
• Visit IT Buyer’s Network : find rebates, search products!
• Understanding Identity Management - Free Web Seminar!
Our Other Websites: CertTutor | Connected Home | JSI FAQ | IT Library/eBooks | SuperSite | Windows FAQ | WinInfo News
Home | Subscribe / Register | About Us | Contact Us / Customer Service | Affiliates / Licensing | Press Room | Media Kit
Windows & .NET Magazine Network is a Division of Penton Media Inc.