Jump to content

Kerberos Takedown


Recommended Posts

I have a question for you guys: What is the most effective way in your mind to take out a kerberos server? Doesnt matter what version or anything, im just wondering what are the merits of "disabling" certain parts. I was thinking that if there is a network time server, to make it go wonky and give out random times.

Any ideas?

(google's your friend people, dont bother posting. I just want an opinion.)

Link to comment
Share on other sites

Well, the thing to remember is that Kerberos is an authentication mechanism. Like the lock on your door, it is designed to take a lot of abuse and it is (or should be) designed to fail gracefully should something not behave as expected. So unless you want to get your hands dirty and audit some source code that a lot of smart people already looked over (which has its merits, but makes no guarantees) hoping to find a scenario under which you can make it do something wrong.

My guess is the best you can achieve without a lot of research is a DOS on the system it authenticates for. Problem with that is that it's decidedly lame, and can and will be traced back to you in a relatively short amount of time aswell.

So, I'd say either get your hands dirty with the code, or don't bother.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...