From: Good Bad <nbko3@ya...> - 2008-05-12 07:09:40
I heard Windows built-in RDP clients have MITM issue.
Is rdesktop also vulnerable to MITM?
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
From: Ken Cobler <kcobler@co...> - 2008-05-12 11:55:34
Good Bad wrote:
> I heard Windows built-in RDP clients have MITM issue.
> Is rdesktop also vulnerable to MITM?
RDP protocol (regardless of client) suffers MITM because there is no
exchange of keys to authenticate the sender and the receiver during
communication. How I have chosen to resolve this issue is I put a SSH
server in front of the Windows server. The client uses an SSH client
and configures a SSH tunnel from their machine to the Windows server.
The client machine then directs their RDP client (rdesktop, Remote
Desktop Connection) to use the locally redirected SSH tunnel to connect
to the remote server.