Ethereal-dev: Re: [Ethereal-dev] Disabling NTLMSSP negotiation in Windows

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Tim Potter <tpot@xxxxxxxxx>
Date: Tue, 9 Jul 2002 10:31:27 +1000
On Mon, Jul 08, 2002 at 10:40:19AM -0400, Devin Heitmueller wrote:

> As it turns out, if there have not yet been any network logins to the NT
> Server, you can disable the "NT Lan Manager Security Service Provider"
> Service under the Services Control panel.  Of course, if the service has
> already started and you stop it, services.exe pulls a Dr. Watson.
> 
> Once I disabled the service, all previously encrypted connections were
> sent unencrypted.

Very cool!

> I spent hours digging through the registry looking for a hidden key, and
> all I had to do was set a service startup to 'disabled'.  How
> annoying...  :-)

The key would probably be something like the md4 hash of a user or
administrator password, or some hash of this with the session key sent
in the negprot reply.  There's also the hmac-md4 encryption type
described in the internet draft draft-brezak-win2k-krb-rc4-hmac-04.txt

I don't think ethereal does any of these at the moment.


Tim.