COMMAND

Eventlog deception

SYSTEMS AFFECTED

Windows 2000 (All service pack levels)
Windows XP

PROBLEM

Based on Xato Network Security advisory at [http://www.xato.net/reference/xato-112001-01.txt]:

Terminal Server records the client connection not based on the TCP header IP address, but on the Remote Desktop Protocol datagram, which includes the client name and IP. Hence it is possible to fool the logs of the TSE server by modifying the IP value passed in RDP.

SOLUTION

Nothing yet.
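
Because the address in the Terminal Server log comes from the RDP payload, it can be cross-checked against a record that is taken from the packet header. The following is an added example, not part of the original advisory: it correlates session records with firewall records of connections to the RDP port. The log layouts, field order, sample entries and the 30-second window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the advisory); the field layout is assumed.
# Terminal Server session records: (timestamp, user, client address as logged)
TS_LOG = [
    ("2001-11-20 10:00:05", "alice", "192.0.2.10"),
    ("2001-11-20 10:07:41", "bob", "198.51.100.77"),
    ("2001-11-20 10:15:12", "carol", "203.0.113.5"),
]
# Firewall records of accepted TCP connections to the RDP port:
# (timestamp, source address read from the packet header)
FW_LOG = [
    ("2001-11-20 10:00:03", "192.0.2.10"),
    ("2001-11-20 10:07:40", "203.0.113.99"),
]

FMT = "%Y-%m-%d %H:%M:%S"
WINDOW = timedelta(seconds=30)  # assumed clock skew / logon delay tolerance


def correlate(ts_log, fw_log, window=WINDOW):
    """Return (user, logged_ip, verdict, header_ips) for every session record."""
    conns = [(datetime.strptime(t, FMT), ip) for t, ip in fw_log]
    findings = []
    for t, user, logged_ip in ts_log:
        when = datetime.strptime(t, FMT)
        # Header-derived sources seen close in time to this session record.
        nearby = sorted({ip for ct, ip in conns if abs(when - ct) <= window})
        if not nearby:
            verdict = "NO_CONNECTION_SEEN"  # session with no matching connection
        elif logged_ip in nearby:
            verdict = "MATCH"
        else:
            # A lead, not proof: clients behind address translation may also
            # report an address that differs from the TCP source.
            verdict = "MISMATCH"
        findings.append((user, logged_ip, verdict, nearby))
    return findings


if __name__ == "__main__":
    for user, logged_ip, verdict, nearby in correlate(TS_LOG, FW_LOG):
        print(f"{verdict:18} user={user} logged={logged_ip} tcp_sources={nearby}")
```

For MISMATCH and NO_CONNECTION_SEEN records, treat the header-derived address, not the one in the Terminal Server log, as the connection's origin.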