 From:  Odd Kåre Qvam Trøen <oddkt at tihlde dot org>
 To:  Jason Collins <jason at mammothcomputers dot com>
 Cc:  'Daniel Milani' <daniel dot milani dot 71 at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP Vulnerabilities
 Date:  Sat, 12 Nov 2005 18:29:11 +0100
Hi.

Is the safenet client available for free, and where can I download it?

--

Odd K.

Jason Collins wrote:

> I use IPSEC VPN from behind NAT boxes of several different varieties and
>vendors without any special rules or configuration.  The box just needs to
>support IPSEC passthrough and most do these days.  Just use the IPSEC
>connections with the safenet client (or something else if you can configure
>it) and you'll be set.
>
>-----Original Message-----
>From: Daniel Milani [mailto:daniel dot milani dot 71 at gmail dot com] 
>Sent: Saturday, November 12, 2005 8:29 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] PPTP Vulnerabilities
>
>Hello everyone,
>
>I recently set up a computer lab for a group of system administrators (of
>which I am one). One of the requirements was to be able to remotely
>access the lab using a VPN solution. I decided to use m0n0wall because of
>its robustness, support for 802.1q, and VPN capabilities.
>Since my colleagues will be connecting to the lab from behind NAT boxes
>(Linksys and such), I read that IPSEC would not work; so PPTP was the only
>other choice. I also favored this choice because no additional software
>(client side) was required.
>
>Yesterday, one of my colleagues sent me these two links.
>
>http://en.wikipedia.org/wiki/PPTP#PPTP_Vulnerabilities
>http://asleap.sourceforge.net/
>
>
>Here is an excerpt from the first link:
>
>>The security of PPTP has been entirely broken and PPTP installations
>>should be retired or upgraded to another VPN technology. The ASLEAP utility
>>can quickly recover passwords from PPTP sessions and decrypt PPTP VPN
>>traffic. PPTP attacks cannot be detected by the client or by the server
>>because the exploit is passive. The failure of PPTP as a VPN protocol is
>>caused by cryptographic design errors in the Cisco LEAP and Microsoft
>>MSCHAP-v2 handshake protocols, and by key length limitations in MPPE. Both
>>LEAP and MSCHAP-v2 derive session keys from user passwords, which are
>>cryptographically weak.
>
>
>I knew PPTP wasn't the most secure of VPN solutions but these links got me
>worried.
>
>I am not a security expert so I'm not sure how to interpret these articles.
>
>Is m0n0wall impacted by this?
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch