[pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)

Patrick J. LoPresti patl at cag.lcs.mit.edu
Sat Mar 18 09:25:12 CST 2000


(Sorry if you get this twice, Martin; I messed up the mailing list
address the first time.)

Martin Mueller <mm at lunetix.de> writes:

> Ok, here are the patches to pppd-2.3.11 to require encryption. The
> new options are "require-mppe" and "require-mppe-stateless". You
> must first apply the MPPE patches for pppd and then this one.

Nice work.  Unfortunately, these patches do not quite do the trick
security-wise, at least on Linux.

Here is a comment from /usr/src/linux/drivers/net/ppp-deflate.c, circa
line 450:

 * Because of patent problems, we return DECOMP_ERROR for errors found
 * by inspecting the input data and for system problems, but
 * DECOMP_FATALERROR for any errors which could possibly be said to be
 * being detected "after" decompression.  For DECOMP_ERROR, we can
 * issue a CCP reset-request; for DECOMP_FATALERROR, we may be
 * infringing a patent of Motorola's if we do, so we take CCP down
 * instead.

The associated code is consistent with this comment.  Linux disables
compression when an error happens while decompressing a packet.  Since
MPPE is implemented as a "compression" module, all an attacker needs
to do to disable your encryption is tamper with the PPP stream in any
way.  Guess how hard this is when the PPP stream is running over PPTP?
(Hint: PPTP does not even check packet integrity, except for a
sequence number at the head of every packet which increments
monotonically).

There are two ways you might fix this.  1) Ignore Motorola's alleged
patent and patch ppp_deflate.c to just do a CCP reset on *any*
decompression error; or 2) terminate the connection if require-mppe is
set and compression becomes disabled for any reason whatsoever.  The
latter is probably safer, both from a legal and from a security
standpoint.  (It does allow an attacker to end your PPTP session, but
they can do that anyway by forging bogus GRE packets with wacko
sequence numbers.  PPTP is a really, really, really bad protocol.)

 - Pat
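
The fail-open behaviour and the second fix described in the message above, as an added example that is not part of the original message and is not pppd or kernel code. It is a stand-alone model: the link states, struct and function names are hypothetical, and which damaged frames fall into which error class is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Outcomes named in the quoted kernel comment; numeric values are local to this model. */
enum decomp_result { DECOMP_OK, DECOMP_ERROR, DECOMP_FATALERROR };
/* Hypothetical link states for this model. */
enum link_state { LINK_ENCRYPTED, LINK_CLEARTEXT, LINK_TERMINATED };

struct link {
    bool require_mppe;        /* models the "require-mppe" option */
    enum link_state state;
    unsigned reset_requests;  /* CCP reset-requests issued */
};

/* CCP has gone down, for whatever reason. Fail closed when encryption is required. */
void ccp_down(struct link *l)
{
    if (l->state == LINK_ENCRYPTED)
        l->state = l->require_mppe ? LINK_TERMINATED : LINK_CLEARTEXT;
}

/* Apply one decompressor result to the link and return the resulting state. */
enum link_state on_decomp_result(struct link *l, enum decomp_result r)
{
    if (l->state != LINK_ENCRYPTED)
        return l->state;              /* nothing left to decompress */
    if (r == DECOMP_ERROR)
        l->reset_requests++;          /* recoverable: CCP reset-request */
    else if (r == DECOMP_FATALERROR)
        ccp_down(l);                  /* CCP is taken down instead of reset */
    return l->state;
}

/* Run a sequence of results through a fresh link; returns the final state. */
enum link_state run_link(bool require_mppe, const enum decomp_result *ev, size_t n)
{
    struct link l = { require_mppe, LINK_ENCRYPTED, 0 };
    for (size_t i = 0; i < n; i++)
        on_decomp_result(&l, ev[i]);
    return l.state;
}

int main(void)
{
    /* Constructed sequence: one damaged frame in the middle of a session. */
    const enum decomp_result ev[] = { DECOMP_OK, DECOMP_ERROR, DECOMP_FATALERROR, DECOMP_OK };
    printf("without require-mppe: %d\n", run_link(false, ev, 4));
    printf("with require-mppe:    %d\n", run_link(true, ev, 4));
    return 0;
}
```

Calling ccp_down() directly covers the "for any reason whatsoever" case: the policy hangs off CCP going down, not off one particular error path.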



