[ previous ] [ next ] [ threads ]
 
 From:  Claude Morin <klodefactor at gmail dot com>
 To:  ryanag at zoominternet dot net
 Cc:  Jeb Campbell <jebc at c4solutions dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  security flaws in MS PPTP implementation? (was Re: [m0n0wall] urgent Request)
 Date:  Thu, 31 Mar 2005 23:21:44 -0500
Question: the PoPToP site has a link to the 1998 Counterpane Systems (Bruce 
Schneier et al.) analysis of the Microsoft PPTP implementation. From the 
FAQ:
They found security flaws in Microsoft PPTP that allow attacks to sniff 
passwords across the network, break the encryption scheme and read 
confidential data, and mount denial of service attacks against PPTP servers. 
They did not find flaws in PPTP, only in Microsoft's implementation of it.
 
Does anyone know whether these problems exist in current MS implementations 
of PPTP? If no one knows, I'll ask on the PoPToP mailing list.

-klode

On Mar 31, 2005 8:11 PM, ryanag at zoominternet dot net <ryanag at zoominternet dot net> 
wrote:
> 
> On Thu, 2005-03-31 at 11:57 -0600, Jeb Campbell wrote:
> >
> > Assuming you know what you are doing, send me what you want it
> > globals.inc and I can make an image. If you are not sure, could
> > someone
> > else here figure out what would be correct? (no time or need here)
> >
> 
> Why not redirect pptp connections to an internal VPN server?
> 
> http://www.poptop.org/ is available at no charge.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch 
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>