- Joined
- Apr 2, 2007
- Messages
- 617
- Reaction score
- 72
- Points
- 0
- Location
- Oslo, Norway
- Website
- www.basefarm.no
Hi,
Possible to spoof a tsm server?
In an enviromnet with tsm server TSMA on ip 1.2.3.4, and a client runs happily here. Then a bad dude sets up a new tsm server with the same servername but on ip 7.8.9.10. He has access to the client, and creates an identical node with the same password on the new server. Lastly he creates a entry in the local host file and redirect DNS for TSMA to the new IP 7.8.9.10, and restarts the scheduler.
Is there a mechanisme that will detect this on the client side? OR will it send data as usual?
Does anyone know what happens during a tsm login session. I know you need node_name and password, but in the stored registry key, does it also verify the actual server?
I know that SSL can be used to prevent this, but is there a build in check too?
-= Trident =-
Possible to spoof a tsm server?
In an enviromnet with tsm server TSMA on ip 1.2.3.4, and a client runs happily here. Then a bad dude sets up a new tsm server with the same servername but on ip 7.8.9.10. He has access to the client, and creates an identical node with the same password on the new server. Lastly he creates a entry in the local host file and redirect DNS for TSMA to the new IP 7.8.9.10, and restarts the scheduler.
Is there a mechanisme that will detect this on the client side? OR will it send data as usual?
Does anyone know what happens during a tsm login session. I know you need node_name and password, but in the stored registry key, does it also verify the actual server?
I know that SSL can be used to prevent this, but is there a build in check too?
-= Trident =-