From: SMTP%"itudps@lux.levels.unisa.edu.au" 4-AUG-1996 08:20:14.51
To: ntsecurity@iss.net
CC:
Subj: Re: [NTSEC] Password Cracking

This has been an interesting debate, but much of it has been centred on the assumption that it is Microsoft clients as well as servers being used; therefore I think some of the things said about the protocol actually apply because of the brand of client. Anyone can (and many do) implement an SMB client, and this is where the NT server security is really tested.

Have a look at the source code for Samba, particularly the client. Samba is a GPL'd implementation of SMB that runs on OS/2, Unix, VMS and other systems and you will find some very helpful things in it.

One topic that has been under discussion here has been the challenge/response scheme. I think you may find that NT will allow the challenge to be skipped at the client's request - but have a look at and play with the smbclient code for yourself at ftp://samba.anu.edu.au/pub/samba (this code has also been implemented as a full redirector as well as a commandline interface). For general info about the package see http://samba.canberra.edu.au/pub/samba.

SMB has a lot of problems, which is why there is currently a multivendor effort on to create the Common Internet Filesystem (CIFS). There is to be a workshop for CIFS this month hosted by Microsoft at which SCO, IBM, Samba, Syntax, AT&T and many of the others will be present. It's worth noting that Samba (which has no funding) is getting there thanks to a ticket from Microsoft, and Samba attendance at the previous session was paid for by X/Open, the UK-based standards organisation. This reads to me as saying that open discussion of the protocol is being encouraged by the big players, and that there is strong commitment to CIFS.

--
Dan Shearer                      email: Dan.Shearer@UniSA.edu.au
Information Technology Unit      Phone: +61 8 302 3479
University of South Australia    Fax  : +61 8 302 3385

================== RFC 822 Headers ==================
Return-Path: owner-ntsecurity@iss.net
Received: by dimond.zko.dec.com (UCX V4.0-10B, OpenVMS V6.2 VAX); Sun, 4 Aug 1996 08:20:08 -0400
Received: from phoenix.iss.net by mail11.digital.com (8.7.5/UNX 1.2/1.0/WV) id IAA31419; Sun, 4 Aug 1996 08:12:46 -0400 (EDT)
Received: (from majordom@localhost) by phoenix.iss.net (8.6.13/8.6.12) id EAA30749 for nt-out; Sat, 3 Aug 1996 04:07:23 -0400
Received: from LV.Levels.UniSA.Edu.Au (LV.Levels.UniSA.EDU.AU [130.220.16.6]) by phoenix.iss.net (8.6.13/8.6.12) with ESMTP id EAA30745 for ; Sat, 3 Aug 1996 04:07:20 -0400
Received: from lux.levels.unisa.edu.au (itudps@lux.Levels.UniSA.Edu.Au) by Levels.UniSA.Edu.Au (PMDF V5.0-4 #16957) id <01I7UIRB4PEE9I446Y@Levels.UniSA.Edu.Au> for ntsecurity@iss.net; Sat, 03 Aug 1996 17:38:41 +0930
Received: by lux.levels.unisa.edu.au (SMI-8.6/SMI-SVR4) id RAA12252; Sat, 03 Aug 1996 17:38:40 +0930
Date: Sat, 03 Aug 1996 17:38:40 +0930 (GMT+9:30)
From: Dan Shearer
Subject: Re: [NTSEC] Password Cracking
In-reply-to: <199608020600.CAA18975@phoenix.iss.net>
To: ntsecurity@iss.net
Message-id:
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Content-transfer-encoding: 7BIT
Sender: owner-ntsecurity@iss.net
Errors-To: majordomo-errors@iss.net
Precedence: bulk
Reply-To: Dan Shearer