Situation:

Running a VBS password script locally on a workstation (script has password)
that would change a remote local admin server password. All units are within
AD.

Question:

Wouldn't that type of traffic be able to be sniffed?

Re: Password Script by Dobromir

Dobromir
Thu Apr 24 04:36:25 CDT 2008

What does the script use: ADSI, LDAP, invokes command line tools, etc? Can
you post the script?

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"Nicholas Edivan" <nedivan@nospam.gov> wrote in message
news:480F5750.5542.00AD.0@nospam.gov...
Situation:

Running a VBS password script locally on a workstation (script has password)
that would change a remote local admin server password. All units are within
AD.

Question:

Wouldn't that type of traffic be able to be sniffed?



Re: Password Script by Roger

Roger
Thu Apr 24 09:30:30 CDT 2008

Most likely yes, it could be sniffed, but it depends, such as
on whether the network is switched, on which net segments
are traversed, whether IPsec is in use to encrypt the traffic,
on what technologies are used by the script, etc.

"Nicholas Edivan" <nedivan@nospam.gov> wrote in message
news:480F5750.5542.00AD.0@nospam.gov...
Situation:

Running a VBS password script locally on a workstation (script has password)
that would change a remote local admin server password. All units are within
AD.

Question:

Wouldn't that type of traffic be able to be sniffed?





Re: Password Script by Nicholas

Nicholas
Fri Apr 25 08:08:58 CDT 2008


There are 15 segments all running IPsec. The script is launched from a
local workstation that is not part of the 15 segments. Created by OnScript
Editor the script is as such: Creates a random complex password, LDAP
server lookup, authenticates with Domain Admin to one server, changes
password and moves on to the next server.

Since IPsec is running I believe the traffic will be able to be sniffed
but not deciphered. Any thoughts...

Re: Password Script by Dobromir

Dobromir
Sun Apr 27 02:20:16 CDT 2008

So is this workstation running IPSec or not? If it's not, it will either
run plain text traffic to the server (if the server is set for the IPSec
Server Request Security mode), or be unable to connect to the server (if
the server is running IPSec Server Require Security Mode).

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"Nicholas Edivan" <nedivan@nospam.gov> wrote in message
news:48119FAA.5542.00AD.0@nospam.gov...
There are 15 segments all running IPsec. The script is launched from a
local workstation that is not part of the 15 segments. Created by
OnScript Editor the script is as such: Creates a random complex
password, LDAP server lookup, authenticates with Domain Admin to one
server, changes password and moves on to the next server.

Since IPsec is running I believe the traffic will be able to be
sniffed but not deciphered. Any thoughts...


Re: Password Script by Nicholas

Nicholas
Tue Apr 29 08:56:05 CDT 2008


The workstation and server are both running IPSec: Required Mode

Re: Password Script by Dobromir

Dobromir
Tue Apr 29 10:09:46 CDT 2008

In which case - provided that they are able to successfully negotiate
an IPSec policy (which you can test by means of a single ping between
them) - they WILL protect (authenticate peer identity, authenticate data
integrity, and encrypt) all traffic between them, regardless of whether
your script, or any other application was running on the workstation.

IPSec is a security layer of abstraction which works along with IP.
Upper layer protocols - including TCP/UDP and all the apps on top of
them - use this transparent layer of abstraction without any specific
configuration.

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"Nicholas Edivan" <nedivan@nospam.gov> wrote in message
news:4816F0B5.5542.00AD.0@nospam.gov...
The workstation and server are both running IPSec: Required Mode
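
An added example, not part of the thread and not any poster's code: one way to confirm from a capture that the workstation-to-server traffic discussed above really is protected is to classify each IPv4 packet by protocol number and flag anything whose payload is readable on the wire. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct

# IP protocol numbers (IANA) and the UDP ports used by IKE / NAT traversal.
TCP, UDP, ESP, AH = 6, 17, 50, 51
IKE_PORTS = {500, 4500}

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet by what an on-path observer can read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == ESP:
        # ESP normally encrypts; a null-encryption policy cannot be told
        # apart by protocol number alone, so check the policy as well.
        return "esp"
    if proto == AH:
        # AH authenticates the packet but leaves the payload readable.
        return "ah-integrity-only"
    if proto == UDP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "ike-or-nat-t"
    return "cleartext"

def cleartext_packets(packets):
    """Return the indexes of packets whose payload is readable on the wire."""
    return [i for i, p in enumerate(packets)
            if classify(p) in ("cleartext", "ah-integrity-only")]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + payload

# Constructed sample capture: an IKE exchange, ESP-protected data, then an
# unprotected TCP segment to port 389 (LDAP), as seen if negotiation failed.
SAMPLE = [
    ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    ipv4(ESP, bytes(24)),
    ipv4(TCP, struct.pack("!HH", 49152, 389) + bytes(16)),
]

if __name__ == "__main__":
    for i, pkt in enumerate(SAMPLE):
        print(i, classify(pkt))
```

With both hosts in Require mode and a successful negotiation, a capture between them should contain only the `ike-or-nat-t` and `esp` classes; any index returned by `cleartext_packets` is traffic that left the host unprotected.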