[pptp-server] PPTP vulnerabilities that still exist?
tmk
tmk at netmagic.net
Tue Aug 3 18:29:14 CDT 1999
> Been reading through the PPTP faqs... and as I understand it the main 2
> attacks on a PPTP server are:
> 1. Lack of authenticating the control port (DoS)
> 2. Short passwords
>
>
> Is it possible to put in a long password on the /etc/chap-secrets (64
> chars?) and in the DUN & have it work?
Password length is determined by the method of authentication you use..
MS-CHAP and V2 of it, have RFCs orsomething that define the max lengths.
We can't ignore those. Short passwords isn't usually hte problem, it's
more like weak encryption. MS-CHPAv2 seems to have fixed this a bit, and
unless the link is up for a long time , it's not much of an issue.
> Does applying the PPTP-Masq patch (GRE, etc) to my firewall at work (so I
> can PPTP to home) compromise the firewall's security (I understand the
> concerns about the home-network from the FAQs, but - if I have my home
> connection up, can someone "invade" work?)
the GRE kernel patch i think just routes protocol 47 stuff properly, and
MIGHT be a security problems if you have routers that communicate using
GRE on your company network, but that's unlikely, and i wouldn't worry
about it.
Kevin
More information about the pptp-server
mailing list