[ previous ] [ next ] [ threads ]
 From:  Louis <m0n0 dot ch at hourfollowshour dot org>
 To:  Chet Harvey <chet at pittech dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Am I encrypted? (PPTP over OPT1 Wireless)
 Date:  Thu, 14 Oct 2004 11:14:58 -0400

Thanks for your response.  I am using PPTP over wireless on an open non 
WEP/WPA hotspot, the idea is that I want to offer an open hotspot for 
neighbors and cafe goers but still encrypt my connection (or anyone else 
who e-mails me that wants security).

I realize most people say IPSec is 'better'; I'll have to do some 
searches to see the issues with PPTP (other then it being a MS 
creation), I of course don't want to use something that can be hacked in 
an hour -- will do more research online regarding PPTP security though I 
imagine it is relatively secure or folks wouldn't have it in m0n0wall to 
begin with.

Can anyone tell me why PPTP is 'bad' or less secure then IPSec?

I'm glad to hear you think its secure over the air, I'm going to have to 
locate another wireless laptop and sniff the connection for that added 
self-verification that will make me sleep better at night ;).


Chet Harvey wrote:
> PPTP is not the tunneling "choice" for encrypted tunnels but it does a decent 
> job. 128 bit encryption via OpnSSL. How it works is the "tunnel" is encrypted 
> by the software on your system and started at the interface. It is then 
> decrypted at the endpoint interface on the other side.
> That said, you are sending packets across open airwaves which makes it easier 
> to "sniff" and decrypt than on old school cat5. You didnt specify if you had 
> WEP or WPA enabled which would help somewhat.
> Personally I would IPSec to the m0n0wall via wireless instead of WEP.
> That was the Long winded answer to your question, short answer is most likely 
> yes. Is it the best you can do, probably not.
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/> 
> Protecting your Digital Assets
> 703.407.7311