On 13:05 Sat 07 Feb, Oleg Goldshmidt wrote:While I wouldn't presume to rival the past Linux-IL member quoted by Oleg, I can say that, as far as I can see it, there is little difference between pptp and DHCP as far as breaking into your computer. The only difference, in fact, is that with DHCP you are connected to the internet as soon as the interface goes up. This does not make as much difference as it may sound. With a dialer, you are still connected to the cables network (with DHCP, in fact) as soon as the interface goes up. This means that the entire Israeli cables population (at least those connecting through the same provider as you) can still break into your machine, even if you have not dialed. Arguably, it is worst, as they can break into your machine while you are "not connected to the internet", and therefor assuming you are ok.
The security issue has been discussed here in the past. Check the
archives. Shachar Shemesh pointed out, rightly, that if someone forges
your MAC address (something that is well beyond the technical ability
of my elderly next-door neighbours, but in general feasible), gets
your IP address, and starts sending encrypted emails to known Al Qaeda
operators and/or drug traffickers, or spams the world with child
pornography, you may get visitors at an inconvenient hour.
Indeed, but please - do you really believe that something like this will
happen? I was more talking in regard to what the representative said - 'people infiltrating your computer'.
Shachar
P.S.
The attack described above with DHCP MAC spoofing can also be carried out, a little more cumbersome, with a dialer too. It's called "ARP Poisening", and the attacker can, in fact, steal your password and user name this way. Cables suck, whichever way you turn it. Again, a little more difficult to carry out using PPTP, but not impossible.
Shachar
-- Shachar Shemesh Lingnu Open Systems Consulting http://www.lingnu.com/
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
