这几日看Exchange server 的一些文档,对其的安全控制和相关的协议比较感兴趣。遂在网上找了一些如何配置Kerberos来抵御Sniffer的嗅探,以及一个Sniffer如何来获取Kerberos的交互信息,和如何保护主机使其避免针对Kerberos的攻击。
放一些资料的链接保存在blog上面:
Protect Yourself Against Kerberos Attacks
http://www.windowsdevcenter.com/pub/a/windows/excerpt/swarrior_ch14/index1.htmlMIT上关于Kerberos的FAQ,一些常见的问题:
ftp://aeneas.mit.edu/pub/kerberos/doc/KERBEROS.FAQWin2k/XP下kerberos login sniffer and crack,
KerbCrack . consists of two programs, kerbsniff and kerbcrack
http://ntsecurity.nu/toolbox/kerbcrack/对Kerberos Password Sniffing的探讨:
http://mailman.mit.edu/pipermail/kerberos/2002-December/002231.htmlKerberos: An Authentication Service for Computer Networks,这篇文档讲的比较详析:http://gost.isi.edu/publications/kerberos-neuman-tso.html