[pptp-server] PPTP as WEP replacement

Josh Howlett Josh.Howlett at bristol.ac.uk
Mon Oct 1 08:01:03 CDT 2001

MS-CHAP-v2 which is used to authenticate for PPTP is vulnerable to a
dictionary attack.  Use a random alphanumeric password.


On Mon, 1 Oct 2001, Kyle Hodgson wrote:

> In an environment where one doesn't care about tracking individual users,
> and where one doesn't care about users having access to the same resources
> at the other end of a tunnel- is it safe to give them all the same vpn
> username and password?
> Is it safe is too vague.  What I mean is, if I give 100 people the same
> username and password, will they be able to easily snoop each other's
> connections once a tunnel is established?
> What I'm trying to do is replace the badly broken WEP protocol in a wireless
> network.  I don't mind that everyone can get access to the tunnel, no
> problem.  The only thing on the other end of the tunnel is a DSL connection,
> one that they could access normally.  If I could introduce a reasonable
> deterrent (better than WEP) against eavesdropping just by installing pptp
> and having everyone use the same username and password, that would solve
> certain management issues.
> Kyle Hodgson
> Istorm New Media
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk

More information about the pptp-server mailing list