One thing to remember, protocol 47 is GRE (Generic Route Encapsulation).
Remember the days of disabling Source Route Forwarding at the TCP Layer?
GRE is, in its basic form, the very same thing at the IP layer.
What does this mean?
Well, I could send a GRE packet that contains another protocol in its payload.
This could be, for example, NETBIOS.
I could then use a GRE stream to browse your Windows NT domain.
Please review RFC 1702 paying strong attention to the section on IP Source Route
http://www.ietf.org/rfc/rfc1702.txt
After you read the RFC, you may want to consider the risks associated with it.
"Jimi Aleshin" <[EMAIL PROTECTED]> on 12/13/99 05:45:38 PM
Please respond to "Jimi Aleshin" <[EMAIL PROTECTED]>
To: "J. T. B." <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: (bcc: Jerry Kendall/Inc/Celestica)
Subject: Re: MS PPTP (Safe?)
It is an implementation of PPP over TCP. This means that a user must already
have an Internet connection. The technology creates a second virtual PPP
network adapter. By using the native PPP authentication and encryption
services, the technology is easily implemented using existing technology.
Originally developed by Microsoft, U.S. Robotics (now 3Com), Ascend, and
other remote access companies.
In 1998, a severe flaw was found in PPTP's authentication scheme. This was
fixed in MS-CHAP V2 of Microsoft's implementation.
When setting up a PPTP server, you must enable port 1723 and protocol 47
through the firewall.
So try it out.
/Jimi Aleshin
Mail: [EMAIL PROTECTED]
ICQ: 26180172
----- Original Message -----
From: J. T. B.
To: [EMAIL PROTECTED]
Sent: Monday, December 13, 1999 01:09 PM
Subject: MS PPTP (Safe?)
I'm looking at building a secure VPN and was wondering if Microsoft's PPTP
was any good? I had heard some very bad things about it. Have they cleaned
it up, or should I look elsewhere?
Thanks!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
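
The thread raises two points: the firewall rule that opens protocol 47 for PPTP, and the reply's concern about GRE source routing and arbitrary payloads. Both can be checked per packet, as in this added example (not code from any poster in the thread). It assumes the header layouts of RFC 1701 and RFC 2637; the sample packets are constructed, and `parse_gre` and `verdict` are hypothetical names.

```python
import struct

PPTP_PPP = 0x880B  # protocol type carried by PPTP's enhanced GRE (RFC 2637)

def parse_gre(buf):
    """Parse a GRE header (RFC 1701 layout, plus the PPTP ack bit)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    h = {"C": bool(flags & 0x8000), "R": bool(flags & 0x4000),
         "K": bool(flags & 0x2000), "S": bool(flags & 0x1000),
         "A": bool(flags & 0x0080), "version": flags & 0x7,
         "proto": proto, "routes": []}
    off = 4
    if h["C"] or h["R"]:
        off += 4                                  # checksum + offset words
    ack = h["A"] and h["version"] == 1            # ack word exists only in PPTP GRE
    off += 4 * (h["K"] + h["S"] + ack)            # key, sequence, ack
    if h["R"]:                                    # walk source route entries
        while True:
            if off + 4 > len(buf):
                raise ValueError("truncated source route entry")
            family, _sre_off, sre_len = struct.unpack_from("!HBB", buf, off)
            off += 4
            if family == 0 and sre_len == 0:      # null SRE ends the list
                break
            if off + sre_len > len(buf):
                raise ValueError("truncated source route entry")
            h["routes"].append((family, buf[off:off + sre_len]))
            off += sre_len
    h["payload_offset"] = off
    return h

def verdict(buf):
    """Policy for a gateway that opens protocol 47 only for PPTP."""
    try:
        h = parse_gre(buf)
    except ValueError as exc:
        return "drop: %s" % exc
    if h["R"]:
        return "drop: source route present"
    if h["version"] != 1 or h["proto"] != PPTP_PPP or not h["K"]:
        return "drop: not PPTP enhanced GRE (proto 0x%04x)" % h["proto"]
    return "pass"

# Constructed sample packets (GRE header onward, outer IP header omitted).
PPTP_DATA = struct.pack("!HHHHI", 0x3001, PPTP_PPP, 4, 7, 1) + b"\xff\x03\xc0\x21"
PLAIN_IP = struct.pack("!HH", 0x0000, 0x0800) + b"\x45" + bytes(19)
ROUTED = (struct.pack("!HHI", 0x4800, 0x0800, 0) + struct.pack("!HBB", 0x0800, 0, 8)
          + bytes([192, 0, 2, 1, 198, 51, 100, 1]) + bytes(4) + b"\x45" + bytes(19))
```

Only the PPTP sample passes; a rule that admits protocol 47 without looking at the version and protocol type fields would also pass the other two.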