Analysis of NTLM security policy in Win 2000

Source: Internet
Author: User
Tags client

In small and medium sized networks, many users choose Windows 2000 as the network OS, using their simple configuration and user-familiar graphical interface to provide Internet services, Telnet is one of the services it provides. The most basic application of Telnet is a remote login for the Internet, sharing resources from a distant system. It allows users to sit in front of the computer keyboard on the Internet access to another computer on the Internet, and is responsible for the user input each character to the host, and then the host output of each message back to the screen. This connectivity can occur in the same room with computers or computers that have been online in all areas of the world. The Telnet service, like other network applications, is a client/server model, and once connected, the client can enjoy all the services provided by the server.

Windows 2000 has the Telnet service installed by default, but it does not start by default. You can start the service by using the Start Network Tools service (or by running the Tlntsvr.exe program). On the client click the Start button, select Run from the pop-up menu, and then enter the following command to establish the connection:

Telnet[remote-system][port-number]

This will be displayed on the screen:

  

Normally, after the service starts, typing the command should be the remote computer loopback login and password information, prompting the user for a username and password. This is true under the Linux network operating system:

Telnet porky.math.ukans.edu

Trying 129.237.128.11 ...

Connected to porky.math.ukans.edu.

Escape character is ' ^] '.

SunOS UNIX (Porky)

Login:wl

Password:xxxxxx

But take a closer look at the above display, did not give you the opportunity to enter a username and password, direct disconnect, this is what reason? This is the result of a way of authenticating the Telnet in Win2000: Windows NT LAN Manager (NTLM). The early SMB protocol transmits passwords in plaintext on the network, and then the LAN Manager challenge/response authentication mechanism, called LM, is simple enough to be cracked, and Microsoft then presents the WINDOWSNT Challenge/Response verification mechanism, NTLM. There are now updated NTLMV2 and Kerberos authentication systems. The NTLM workflow is like this:

Source: Tenkine Author: wx999 Zebian: Bean Technology Application



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.