A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?
A.
There is a NIDS present on that segment.
B.
Kerberos is preventing it.
C.
Windows logons cannot be sniffed.
D.
L0phtcrack only sniffs logons to web servers.
Explanation:
In a Windows 2000 network using Kerberos you normally use pre-authentication and the user password never leaves the local machine so it is never exposed to the network so it should not be able to be sniffed.