[Samba] how safe is "net use" in a batch file? plus some encryption questions
Stefan G. Weichinger
lists at xunil.at
Sat Nov 11 21:59:39 UTC 2017
Am 2017-11-11 um 20:48 schrieb Rowland Penny via samba:
> On Sat, 11 Nov 2017 13:32:31 -0600
> Andrew Walker <walker.aj325 at gmail.com> wrote:
>
>> I thought "net use" will use ntlm for auth (no clear-text passwords
>> passing over the wire). At least that's what I see in wireshark on
>> modern windows.
>>
>
> If you use NTLMv1, you might as well use plain passwords. Given the
> NTLMv1 password, it would take your average badhat about half an hour
> to have the plain password.
That will be first priority to get rid of that, sure.
Plus new passwords after closing that gap.
>> Unless your XP systems are air-gapped, it is that bad ;-)
>>
>> I know that in some cases it's impractical to upgrade Windows
>> versions. For instance, I helped a man once who had a machine shop /
>> small business. His CNC mill required windows 98. Replacing the CNC
>> mill would cost over $50,000, which was not practical; however,
>> keeping the network air-gapped was practical.
>
> There are cases when using an old OS version is valid, but they are few
> and far between, the case above is one of them. In Stefan's case, I am
> sure that an upgrade path can be found, it may prove to be cheaper in
> the long run ;-)
This is a very protected environment: the VMs are only accessible from a
specific subnet etc etc
But I agree: XP shouldn't be there anymore.
More information about the samba
mailing list