[pptp-server] PPTP Protocol insecurity

Sascha E. Pollok sp at iphh.net
Mon Jul 23 16:19:45 CDT 2001


Dear fellows, ;-)

I know that this discussion might be really held a 1000 times
but since I read an article regarding the possible
MSCHAPv2 exploit today, I'd like to ask you people
for your opinion.

The paper I read is:
http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/
It is in English so go ahead.

It describes how relatively easy MSCHAPv2 might be
exploited. So the question that I have to you is:

Do you worry about it? What do you tell your customers
and are there good or any alternatives? Ok we could
put some firewall rules in front of it but that's
not a solution for most of the dialup-users.

We could use PPTP on top of IPSEC (like freeswan) but
that's not really "smooth" and I never tried this
with a Mac. The problem why we don't want to use
IPSEC thingies is because of the easy to use PPTP
features (like assigning IP-addresses, DNS and whatever).

Anyone?

Regards,
Sascha




More information about the pptp-server mailing list