Firewall Wizards mailing list archives

Re: PPTP risks?


From: Mike Barkett <mbarkett () digex net>
Date: Thu, 3 Feb 2000 20:04:13 -0500 (EST)

PPTP is a bidirectional protocol, and as such, it requires that you allow
return packets back through the firewall.  This also means you have to
have a static NAT in place for the client machine.  

The risks involved in this are all the normal risks involved in allowing
an entire IP type (GRE) through the firewall from the outside...  I
suppose someone could fairly easily engineer a tunneling exploit for this,
but PPTP really poses more :annoyances: than risks.

-MAB

-- 
 ,.........................................
:   Michael A. Barkett
:  Senior Staff Engineer IV, SMC (x6363)
: mbarkett () digex net  
:  301.847.7180       ,....................
:   FW./\/.          : i n t e r m e d i a
'....................'   BUSINESS INTERNET




On Thu, 3 Feb 2000, O'Dell Mike wrote:

OM>Date: Thu, 3 Feb 2000 07:27:57 -0800 
OM>From: O'Dell Mike <modell () iclretail com>
OM>To: "'owner-firewall-wizards () lists nfr net'"
OM>    <owner-firewall-wizards () lists nfr net>
OM>Subject: PPTP risks?
OM>
OM>Can someone explain what sort of risk is involved in allowing PPTP sessions
OM>to be initiated from within our firewall, if any?
OM>
OM>Thanks,
OM>
OM>> Mike 
OM>
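
Added example, not part of the original post: a check a filtering device could apply to tell PPTP's enhanced GRE apart from other GRE traffic, rather than passing all of IP protocol 47. The header layout follows RFC 2637; the function name and the sample packets are constructed for illustration.

```python
import struct

GRE_IP_PROTO = 47        # IP protocol number assigned to GRE
PPTP_GRE_PTYPE = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def classify_gre(ip_proto: int, payload: bytes) -> str:
    """Classify an IP payload as 'pptp', 'other-gre', 'malformed' or 'not-gre'."""
    if ip_proto != GRE_IP_PROTO:
        return "not-gre"
    if len(payload) < 4:
        return "malformed"
    flags, ptype = struct.unpack("!HH", payload[:4])
    # Enhanced GRE: K=1, version=1, C/R/s/Recur/Flags all zero; S and A are optional.
    if ptype != PPTP_GRE_PTYPE or (flags & 0xEF7F) != 0x2001:
        return "other-gre"
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    if len(payload) < hdr_len:
        return "malformed"
    payload_len, _call_id = struct.unpack("!HH", payload[4:8])
    # The key field carries the PPP payload length; it must fit in the packet.
    if payload_len > len(payload) - hdr_len:
        return "malformed"
    return "pptp"

# Constructed sample packets (GRE header onwards), not captured traffic.
SAMPLE_PPTP = struct.pack("!HHHHI", 0x3001, 0x880B, 4, 7, 1) + b"\xff\x03\xc0\x21"
SAMPLE_PLAIN_GRE = struct.pack("!HH", 0x0000, 0x0800) + b"\x45" + bytes(19)
SAMPLE_BAD_LEN = struct.pack("!HHHHI", 0x3001, 0x880B, 100, 7, 1) + b"\x00"

if __name__ == "__main__":
    for name, pkt in [("pptp", SAMPLE_PPTP), ("plain gre", SAMPLE_PLAIN_GRE),
                      ("bad length", SAMPLE_BAD_LEN), ("truncated", b"\x30")]:
        print(f"{name:10s} -> {classify_gre(GRE_IP_PROTO, pkt)}")
```

A verdict of "other-gre" or "malformed" marks traffic that a rule meant only for PPTP has no reason to pass.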


