nanog mailing list archives
RE: Security problem in PPPoE connection
From: "Bora Akyol" <bora () broadcom com>
Date: Mon, 13 Mar 2006 11:16:25 -0800
Any info on percentages of users that use routers vs Windows boxes?
Microsoft has some suggestions for configuring PPPOE for MS-Windows.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/pppoe.mspx

A problem is many of your customers won't follow the directions, and may still be vulnerable to man-in-the-middle attacks for the login if they don't disable PAP. Because things will appear to work, i.e. Windows will use CHAP first and fall back to PAP, your customers may not notice when an attack does occur.

Although PPPOE is a layer 2 protocol, the user data may be vulnerable to many of the same ethernet CAM table, denial of service and sniffing weaknesses even if the login credentials are kept secret with CHAP (or more advanced EAP options).

PPPOE and PPP tend to assume the access networks are 1) "free" and 2) "secure." This may be constrained using point-to-point connections, but often requires additional configuration of multi-access networks. The configuration details will vary by equipment vendor. But you should find some good information by doing a few web searches for metro ethernet security, private vlan, broadcast security.
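An added example, not part of the original message: one way to audit a capture for the CHAP-to-PAP fallback described above is to read the LCP Authentication-Protocol option in PPPoE session frames and flag any negotiation that names PAP. The function names and the sample frames are constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864  # EtherType of the PPPoE session stage
PPP_LCP = 0xC021
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject"}
AUTH_PROTOS = {0xC023: "PAP", 0xC223: "CHAP", 0xC227: "EAP"}
OPT_AUTH_PROTOCOL = 3  # LCP option type carrying the authentication protocol

def lcp_auth_offer(frame: bytes):
    """Return (LCP code name, auth protocol name) or None if not applicable."""
    if len(frame) < 26:  # 14 Ethernet + 6 PPPoE + 2 PPP protocol + 4 LCP header
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ver_type, code, _sid, plen = struct.unpack_from("!BBHH", frame, 14)
    if ethertype != ETH_PPPOE_SESSION or ver_type != 0x11 or code != 0x00:
        return None
    payload = frame[20:20 + plen]
    if len(payload) < 6 or struct.unpack_from("!H", payload, 0)[0] != PPP_LCP:
        return None
    lcp_code, _ident, lcp_len = struct.unpack_from("!BBH", payload, 2)
    if lcp_code not in LCP_CODES or lcp_len < 4:
        return None
    opts = payload[6:2 + lcp_len]
    i = 0
    while i + 2 <= len(opts):
        otype, olen = opts[i], opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            return None  # malformed or truncated option list
        if otype == OPT_AUTH_PROTOCOL and olen >= 4:
            (proto,) = struct.unpack_from("!H", opts, i + 2)
            return LCP_CODES[lcp_code], AUTH_PROTOS.get(proto, hex(proto))
        i += olen
    return None

def is_cleartext_login(frame: bytes) -> bool:
    """True when PAP is requested, suggested (Nak) or accepted (Ack)."""
    offer = lcp_auth_offer(frame)
    return offer is not None and offer[1] == "PAP" and offer[0] != "Configure-Reject"

def sample_frame(lcp_code: int, options: bytes) -> bytes:
    """Build a constructed Ethernet + PPPoE session + LCP frame for testing."""
    lcp = struct.pack("!BBH", lcp_code, 1, 4 + len(options)) + options
    ppp = struct.pack("!H", PPP_LCP) + lcp
    eth = bytes.fromhex("020000000001" "020000000002") + struct.pack("!H", ETH_PPPOE_SESSION)
    return eth + struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp)) + ppp

# Constructed samples: MRU option (type 1) followed by Authentication-Protocol
CHAP_REQ = sample_frame(1, bytes.fromhex("010405d4" "0305c22305"))  # CHAP with MD5
PAP_NAK = sample_frame(3, bytes.fromhex("0304c023"))                # PAP suggested
PAP_ACK = sample_frame(2, bytes.fromhex("010405d4" "0304c023"))     # PAP agreed
```

Run against frames from a monitoring port, a `Configure-Ack` naming PAP marks a session that will send its password in cleartext even though the login appears to succeed.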