nanog mailing list archives

Re: PPP over Ethernet?


From: kline () uiuc edu (Charley Kline)
Date: Thu, 04 Jun 1998 17:40:16 -0400

Give me 10 minutes with a sniffer and a few nifty tools and not only can I
find the PPTP session, but take control.  Now, *I* have access to your file
on that NiceTry Server.

<http://www.counterpane.com/pptp.html> of course.

According to my Microsoft insider, "depends what the client is. If it's
NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
LM hash, it's easy to crack. Basically the deal is that 9x clients use
a shitty old hash method that's really easy to sniff and crack."

Supposedly there are patches that close the holes, but PPTP still doesn't
appear to have been designed nicely to begin with.

Aleph One also had a good summary of the counterpane paper. He posted
the URLs to bugtraq a couple of days ago:


http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265

/cvk

