Finally got around to a blog post about how to block LAN Turtle / PoisonTap / Bash Bunny type devices in Windows: http://passing-the-hash.blogspot.com/2017/03/blocking-lan-turtle-poison-tap-bash.html …
Isn't the whole thing only an issue if you're submitting credentials or private data to unauthenticated servers or in the clear?
-
You can use an SMB relay attack, as the Turtle is a MiTM.
-
SMB is unauthenticated to the client. Broken protocol. Don't use.
-
It's the NTLM 2.0 packets that are the issue, need to use kerbs.
-
Another broken protocol that should not be in use. Right fix is disabling broken protocols, not devices.
-
The challenge is not that easy to fix the protocol that is in use on millions of systems. Hell, look at SHA-1.
-
The challenge is bad legacy enterprise crap. Normal users don't need this stuff anyway.
-
And TBF these protocols are broken a lot worse than SHA-1. Takes <$50 to crack, vs $Ms.