[pptp-server] Re: [pptp-server] Re: [pptp-server] Re: [pptp-server] Security ?

tmk tmk at netmagic.net
Tue Jun 22 13:39:15 CDT 1999


As I understand it, the security problems are:

1. Bad encryption/password transmission
2. Insecure control connection
3. Hijack link?

1. Anytime we start using MS encryption or MS-CHAP (not sure if ms-chap2
is any better) the risk is there for someone to decode our packets (note
that any kind of encryption is better than NO encryption)

2. Control connections are based on TCP connections, so if someone has
decent spoofing software, and knows the client's IP, They can send an "end
call request" to the server and disconnect the client. 

3. I guess it is possible if someone is REALLY good to completely hijack a
connection (would require killing the client and having the ability to
join in a gre/ppp link mid stream - not an easy task) and thereby gain
access to the internal network. This is not much of a threat in my
opinion, but it is a threat nonetheless.






More information about the pptp-server mailing list