Since I'm an engineer and just want to get some done from home...
Ok. So a bunch of people dislike PPTP (version 1 and 2). But nobody has
offered a constructive comment. So kindly do so, or quit your bitchin'.
Constructive comments are defined in my world as 1 of these 3 things:
1) Do this and pptp is as safe as it gets. Your level of risk is X.
Knowing this, use or don't, as you choose.
2) Use protocol / software XYZ as a replacement for PPTP; it only costs x$.
3) "I've written a replacement; source and binaries are available at
www.____.___/pptp_replacement.html. Please perform peer review and let me
know if you find any bugs."
I'm waiting.......
-----Original Message-----
From: Brian Steele [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 14, 1999 11:34 AM
To: [EMAIL PROTECTED]
Subject: Re: MS PPTP (Safe?)
...and you can do this without being first authenticated by the NT server
providing the VPN service?
Brian Steele
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Jimi Aleshin" <[EMAIL PROTECTED]>
Cc: "J. T. B." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, December 14, 1999 9:44 AM
Subject: Re: MS PPTP (Safe?)
>
>
>
> One thing to remember, protocol 47 is GRE (Generic Route Encapsulation).
> Remember the days of disabling
> Source Route Forwarding at the TCP Layer ????
> GRE is in it's basic form, the very same thing at the IP layer.
>
> What does this mean ????
>
> Well, I could send a GRE packet that contains another protocol in its
payload.
> This could be, for example, NETBIOS.
> I could then use a GRE stream to browse your Windows NT domain.
>
> Please review RFC 1702 paying strong attention to the section on IP Source
Route
>
> http://www.ietf.org/rfc/rfc1702.txt
>
> After you read the RFC, you may want to consider the risks associated with
it.
>
>
>
>
>
>
>
> "Jimi Aleshin" <[EMAIL PROTECTED]> on 12/13/99 05:45:38 PM
>
> Please respond to "Jimi Aleshin" <[EMAIL PROTECTED]>
>
> To: "J. T. B." <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> cc: (bcc: Jerry Kendall/Inc/Celestica)
>
> Subject: Re: MS PPTP (Safe?)
>
>
>
>
> It is an implementation of PPP over TCP. This means that a user must
already
> have an Internet connection. The technology creates a second virtual PPP
> network adapter. By using the native PPP authentication and encryption
> services, the technology is easily implemented using existing technology.
> Originally developed by Microsoft, U.S. Robotics (now 3Com), Ascend, and
> other remote access companies.
> In 1998, a severe flaw was found in PPTP's authentication scheme. This was
> fixed in MS-CHAP V2 of Microsoft's implementation.
> When setting up a PPTP server, you must enable port 1723 and protocol 47
> through the firewall.
> So try it out.
>
> /Jimi Aleshin
> Mail: [EMAIL PROTECTED]
> ICQ: 26180172
>
> ----- Original Message -----
> From: J. T. B.
> To: [EMAIL PROTECTED]
> Sent: Monday, December 13, 1999 01:09 PM
> Subject: MS PPTP (Safe?)
>
>
>
> I'm looking at building a secure VPN and was wondering if Microsoft's PPTP
> was any good? I had heard some very bad things about it. Have they
cleaned
> it up, or should I look elsewhere?
>
> Thanks!
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
