Eje, I would usually agree with you there, but there are approximately 0 bb routers that do encrypted pppoe. Sure, some of them do secure mschapv2 authentication, but none of them (excluding snapgear and draytek possibly) do encrypted pppoe. The point of the original post was to see if an encrypted tunnel could be created to help with security, or at least with the user's feeling of "security".
Also, for PPPoE on winxp clients, winxp refuses to do stateless mppe over pppoe links for some reason. It's always stateful, and as such, due to the nature of stateful mppe, every time there is a dropped/corrupted/etc packet the encryption must be renegotiated, causing a small hiccup or glitch in the connection, enough to make your online gamers notice, I'm sure. Stateless mppe doesn't have this problem, so I prefer it.
At 01:06 AM 01/07/2003 -0500, you wrote:
Instead of pptp I suggest pppoe. All the benefits from pptp with some lesser drawbacks, plus almost all bb routers support pppoe while most don't support pptp.
Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
The Family Entertainment Network http://www.fament.com
Phone : 620-231-7777 Fax : 620-231-4066
- Your Full Time Professionals -
eBay UserID : macahan
---
searchable smartBridges mailing list archive.
http://www.mail-archive.com/smartbridges40part-15.org/
--
DB> I've used various pptp servers, though not poptop in particular. With
DB> them you can create encrypted mppe sessions, 128bit stateless mppe
DB> with ms chapv2 password authentication is the way to go I think.

DB> warning: the following is probably full of bad cryptography terminology
DB> and bastardizations because I am not an expert on the matter.
DB> Unfortunately mppe is not entirely secure, there are one or two
DB> eavesdropping+brute force attacks that can be used against it.
DB> I believe that because of the rotating hashing function and the
DB> weakness of rc4 streams (at least there are different hashes for
DB> each direction) one can snoop the packets and eventually
DB> come up with the first bunch of bits of the password and
DB> then be left with only 65XXX potential combinations that need
DB> to be pushed through an nt password cracker to come
DB> up with the password and be able to read the encrypted stream.
DB> Also dictionary attacks can be extremely effective against mppe
DB> so strong passwords are a must.

DB> Overall is this better than wep? Yes, I think so. WEP + pptp tunnels
DB> seems like a pretty good way to go but the VPN/PPTP might
DB> make the user feel more secure than they really are.
DB> end result: You probably don't want to put the DoD on a PPTP
DB> encrypted tunnel system but I'm sure that it's plenty good
DB> for most businesses and all home users. Banks, Hospitals,
DB> Insurance companies, etc, IPsec tunnels over l2tp would be
DB> more secure. However they would also be a giant pain
DB> in the butt to set up.

DB> Also PPTP tunnels are not light on the cpu really. I can only do about
DB> 20mb/s of encrypted pptp on a duron 900. So this isn't going to work
DB> on a soekris or other SBCs.
DB> Dave
DB> At 10:25 PM 30/06/2003 -0400, you wrote:
>>Has anyone done any experimenting with PoPToP?
>>
>>http://poptop.org
>>
>>My understanding is that it provides the ability to use encrypted ppp
>>sessions with Windows clients without any additional software on the client
>>system.
>>
>>Does this mean that wisps (like me & us) could use poptop to encrypt "all"
>>the traffic between clients and our systems? This is a concern for me - because
>>"I think that my clients think" that wireless is "insecure". I know I need to
>>educate them about the padlock on the browser, encrypted e-mail, etc., but
>>would using an app like poptop allow me to say that I have as secure a system
>>as their old dialup system?
>>
>>Oh yeah, better put something about smartbridges in here. Does anyone
>>know if there are any incompatibilities between poptop and smartbridges equipment?
>>
>>Erik
>>
>>The PART-15.ORG smartBridges Discussion List
>>To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
>>smartBridges <yournickname>
>>To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe
>>smartBridges)
>>Archives: http://archives.part-15.org
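
The packet-loss behaviour described in the reply at the top of this thread (stateful MPPE has to resynchronise after a lost packet, stateless MPPE carries on), as an added illustration that is not from any poster on the list. It is a simplified Python model, not the real MPPE key schedule: `packet_key`, `simulate`, the round trip of three packets (`rtt`) and the payloads are assumptions made up for the example.

```python
import hashlib

def rc4_stream(key):  # RC4 keystream generator: key schedule, then output bytes
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]

def xor(data, stream):
    return bytes(b ^ next(stream) for b in data)

def packet_key(master, count):
    # Assumption: stand-in for MPPE's per-packet key change, not the real derivation.
    return hashlib.sha1(master + count.to_bytes(2, "big")).digest()[:16]

def simulate(stateless, lost, n=12, rtt=3, master=b"constructed-key!"):
    """Return the packet numbers the receiver could decrypt and deliver."""
    tx, rx = rc4_stream(master), rc4_stream(master)
    expected, resync_at, delivered = 0, None, []
    for count in range(n):
        data = b"game-update-%02d" % count            # constructed payload
        if stateless:                                  # fresh key for every packet
            ct = xor(data, rc4_stream(packet_key(master, count)))
            if count not in lost:
                assert xor(ct, rc4_stream(packet_key(master, count))) == data
                delivered.append(count)
            continue
        flushed = resync_at == count                   # reset request has reached the sender
        if flushed:
            tx, resync_at = rc4_stream(master), None   # sender restarts its cipher state
        ct = xor(data, tx)                             # keystream advances even if the packet is lost
        if count in lost:
            continue
        if flushed:
            rx, expected = rc4_stream(master), count   # receiver restarts on the flushed packet
        if count != expected:                          # gap seen: receiver is out of sync
            if resync_at is None:
                resync_at = count + rtt                # ask for a reset, wait one round trip
            continue
        assert xor(ct, rx) == data
        expected = count + 1
        delivered.append(count)
    return delivered
```

With packet 4 lost, `simulate(False, {4})` shows the stateful link also discarding packets 5 to 7 while the reset is in flight, whereas `simulate(True, {4})` loses only packet 4.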
