Firewall Wizards mailing list archives
RE: VPN through DSL - On the subject of PPTP
From: Peter Lukas <plukas () oss uswest net>
Date: Wed, 13 Mar 2002 16:24:13 -0600 (CST)
On Wed, 13 Mar 2002, Behm, Jeffrey L. wrote:
I am assuming you are using ipsec instead of a severely flawed protocol like PPTP.

I hear people say this from time to time, but I have heard no one ever name an exploit that has taken advantage of the PPTP protocol (other than an exploit that takes advantage *before* the data is encrypted, or *after* it is encrypted at the endpoints). Not that I am a Bill Gates fan, in fact, far from it, but what are the severe flaws that have been exploited?

The original Microsoft PPTP attempt left much to be desired, and the second revision was fairly improved. It is by no means "perfect" in the peanut-gallery sense of the word, but has a number of advantages going for it, namely it's native to most every version of Windows and as simple for an end-user to set up as a dialup connection. Of course, it's subject to the same NAT problems as other VPN methods out there.

The original problem was more with Microsoft's interpretation of PPTP and its meager authentication scheme (MSCHAP). Dig the Counterpane cryptanalysis here: http://www.counterpane.com/pptp.html

The second attempt (MSCHAPv2) addressed the original concerns, but is still subject to similar security weaknesses as in most other plain vanilla passworded VPN mechanisms out there.

When comparing PPTP to ipsec, they both do similar things. PPTP isn't best used at a gateway and much better for deployment across multiple end-users. Using a car analogy, it's like choosing to carpool with a Pinto or a Volvo.

Peter

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards