Credentials Relay Prevention
theoren28 at hotmail.com
Wed Sep 3 16:31:45 MDT 2014
Can Credentials Relay be prevented for Linux Samba Clients?
Namely, is there some configuration parameter such that Linux Samba Client <-> Samba Server using correct domain credentials should work but Linux Samba Client <-> TCP Proxy (MITM) <-> Samba Server should be rejected?
SMB Signing and/or forcing NTLMv2 does not seem to help here as no payload manipulations are made.
Related Microsoft/Attack posts.
More information about the samba-technical