Vivek Khera wrote:
This one is precious:
<quote>
Description:
The remote host appears to be running a PPTP (VPN) service.
This service allows remote users to connect to the internal network and
gain a trusted user role. This service should be protected with a strong
encryption scheme like IPSEC. By default the service leaks out such
information as Server version (PPTP version), Hostname and Vendor string
this could help an attacker better prepare her next attack.
General solution:
Restrict access to this port from untrusted networks. Make sure only
encrypted channels are allowed through the PPTP (VPN) connection.
</quote>
Seriously, if the client could use IPSEC why would you need
PPTP?!??!?!?!?!!??!?!
Ease of setup is usually the reason. The main reason of the warning is
that it is possible to use PPTP with no or very weak encryption.
For those curious, the service doing the scanning is ScanAlert (the
folks who bring you the "HackerSafe" seal of approval).
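
Added example, not part of the original thread or of ScanAlert's tooling: a minimal Python parser for the PPTP Start-Control-Connection-Reply message (layout per RFC 2637), showing which of the fields named in the quoted report an unauthenticated reply carries. The sample bytes, hostname and vendor values are constructed for illustration.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D   # magic cookie carried by every PPTP control message
CONTROL_MESSAGE = 1       # PPTP message type: control
SCCRP = 2                 # control message type: Start-Control-Connection-Reply

# length, PPTP msg type, magic, control msg type, reserved0, protocol version,
# result code, error code, framing caps, bearer caps, max channels,
# firmware revision, host name[64], vendor string[64]  (156 bytes in total)
_FMT = ">HHIHHHBBIIHH64s64s"


def _text(field: bytes) -> str:
    """Fixed-width fields are NUL padded; keep only the text before the padding."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_sccrp(data: bytes) -> dict:
    """Return the identifying fields a PPTP server discloses before any login."""
    if len(data) < struct.calcsize(_FMT):
        raise ValueError("short message")
    (_length, msg_type, magic, ctrl_type, _reserved, version, _result, _error,
     _framing, _bearer, _channels, firmware, host, vendor) = struct.unpack_from(_FMT, data)
    if magic != PPTP_MAGIC or msg_type != CONTROL_MESSAGE or ctrl_type != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {
        "protocol_version": f"{version >> 8}.{version & 0xFF}",
        "firmware_revision": firmware,
        "hostname": _text(host),
        "vendor": _text(vendor),
    }


def build_sample() -> bytes:
    """Constructed reply for offline testing (all values are made up)."""
    return struct.pack(_FMT, 156, CONTROL_MESSAGE, PPTP_MAGIC, SCCRP, 0, 0x0100,
                       1, 0, 0, 0, 0, 1, b"vpn-gw.example.test", b"ExampleVendor")


if __name__ == "__main__":
    for name, value in parse_sccrp(build_sample()).items():
        print(f"{name}: {value}")
```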