[pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)

Martin Mueller mm at lunetix.de
Sun Mar 19 17:21:23 CST 2000


On Sat, Mar 18, 2000 at 10:17:40AM -0500, Patrick J. LoPresti wrote:
> There are two ways you might fix this.  1) Ignore Motorola's alleged
> patent and patch ppp_deflate.c to just do a CCP reset on *any*
> decompression error; or 2) terminate the connection if require-mppe is
> set and compression becomes disabled for any reason whatsoever.  The
> latter is probably safer, both from a legal and from a security
> standpoint.  (It does allow an attacker to end your PPTP session, but
> they can do that anyway by forging bogus GRE packets with wacko
> sequence numbers.  PPTP is a really, really, really bad protocol.)

I think my patch is doing 2) at the moment, at least I'm hoping to
achieve it with the following snippet:

+++ ppp-2.3.11.mppe/pppd/ccp.c
@ -450,6 +455,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_lowerdown(&ccp_fsm[unit]);
+    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
+       lcp_close(unit,"Encryption negotiation rejected");
 }
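
Review bot: The added require_mppe / require_mppe_stateless test sits directly after fsm_lowerdown(&ccp_fsm[unit]), so it runs when the layer below CCP goes down, which is not necessarily the case where CCP itself is closed or fails to negotiate while the link stays up. If this is the only place the test is made, a peer that terminates or rejects CCP without dropping the link may never reach lcp_close(); I would make the same test wherever CCP leaves the opened state or finishes negotiation unsuccessfully. The reason string "Encryption negotiation rejected" also does not describe a lower-layer-down event, so a message naming the actual condition (MPPE required but CCP is down) would be easier to read in the logs. Finally, the hunk header starts with a single "@" and there is no "---" file line, so the snippet as posted may not apply with patch.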

Which should close the connection on the closing of the CCP.

Correct me if I'm wrong.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm@lunetix.de




