Firewall Wizards mailing list archives
Re: PPTP risks?
From: Mike Barkett <mbarkett () digex net>
Date: Thu, 3 Feb 2000 20:04:13 -0500 (EST)
PPTP is a bidirectional protocol, and as such, it requires that you allow return packets back through the firewall. This also means you have to have a static NAT in place for the client machine. The risks involved in this are all the normal risks involved in allowing an entire IP type (GRE) through the firewall from the outside... I suppose someone could fairly easily engineer a tunneling exploit for this, but PPTP really poses more :annoyances: than risks.

-MAB

--
Michael A. Barkett
Senior Staff Engineer IV, SMC (x6363)
mbarkett () digex net
301.847.7180
FW./\/.
i n t e r m e d i a
BUSINESS INTERNET

On Thu, 3 Feb 2000, O'Dell Mike wrote:

OM>Date: Thu, 3 Feb 2000 07:27:57 -0800
OM>From: O'Dell Mike <modell () iclretail com>
OM>To: "'owner-firewall-wizards () lists nfr net'"
OM>     <owner-firewall-wizards () lists nfr net>
OM>Subject: PPTP risks?
OM>
OM>Can someone explain what sort of risk is involved in allowing PPTP sessions
OM>to be initiated from within our firewall, if any?
OM>
OM>Thanks,
OM>
OM>> Mike
OM>
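An added example, not part of the original post or thread: a filter that narrows "an entire IP type (GRE)" down to PPTP's enhanced GRE by checking the header fields defined in RFC 2637. The `permit` policy and the idea of a `known_call_ids` set learned from the TCP 1723 control channel are assumptions made for illustration, and the sample packets are constructed.

```python
import struct

PPP_PROTO = 0x880B  # GRE protocol type used by PPTP (RFC 2637)

def classify_gre(gre: bytes) -> dict:
    """Inspect the GRE header (bytes following the IP header, IP protocol 47)."""
    if len(gre) < 4:
        return {"pptp": False, "reason": "truncated GRE header"}
    flags, proto = struct.unpack("!HH", gre[:4])
    version = flags & 0x0007
    if version != 1:
        return {"pptp": False, "reason": f"GRE version {version}, not enhanced GRE"}
    if proto != PPP_PROTO:
        return {"pptp": False, "reason": f"protocol type 0x{proto:04x}, not PPP"}
    # PPTP requires C=0, R=0, K=1; S and A announce optional fields.
    if flags & 0xC000 or not flags & 0x2000:
        return {"pptp": False, "reason": "flag bits invalid for PPTP"}
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    if len(gre) < 8 + 4 * has_seq + 4 * has_ack:
        return {"pptp": False, "reason": "truncated enhanced GRE header"}
    payload_len, call_id = struct.unpack("!HH", gre[4:8])
    return {"pptp": True, "reason": "PPTP enhanced GRE",
            "call_id": call_id, "payload_len": payload_len}

def permit(gre: bytes, known_call_ids: set) -> bool:
    """Hypothetical policy: pass only PPTP GRE whose Call ID matches a
    session already seen on the TCP 1723 control channel."""
    info = classify_gre(gre)
    return info["pptp"] and info["call_id"] in known_call_ids

# Constructed sample packets (not captured traffic).
PPTP_DATA = struct.pack("!HHHHI", 0x3001, PPP_PROTO, 4, 0x1234, 1) + b"\xff\x03\xc0\x21"
GENERIC_GRE = struct.pack("!HH", 0x0000, 0x0800) + b"\x45" + bytes(19)

if __name__ == "__main__":
    for name, pkt in (("pptp data", PPTP_DATA), ("generic GRE", GENERIC_GRE)):
        print(name, classify_gre(pkt), permit(pkt, {0x1234}))
```

A stateless rule that simply passes IP protocol 47 would accept both sample packets; this check rejects the version 0 GRE tunnel and any PPTP packet whose Call ID was never negotiated.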