[pptp-server] PPTP as WEP replacement
Josh Howlett
Josh.Howlett at bristol.ac.uk
Mon Oct 1 08:01:03 CDT 2001
MS-CHAP-v2 which is used to authenticate for PPTP is vulnerable to a
dictionary attack. Use a random alphanumeric password.
josh.
On Mon, 1 Oct 2001, Kyle Hodgson wrote:
> In an environment where one doesn't care about tracking individual users,
> and where one doesn't care about users having access to the same resources
> at the other end of a tunnel- is it safe to give them all the same vpn
> username and password?
>
> Is it safe is too vague. What I mean is, if I give 100 people the same
> username and password, will they be able to easily snoop each other's
> connections once a tunnel is established?
>
> What I'm trying to do is replace the badly broken WEP protocol in a wireless
> network. I don't mind that everyone can get access to the tunnel, no
> problem. The only thing on the other end of the tunnel is a DSL connection,
> one that they could access normally. If I could introduce a reasonable
> deterrent (better than WEP) against eavesdropping just by installing pptp
> and having everyone use the same username and password, that would solve
> certain management issues.
>
> Kyle Hodgson
> Istorm New Media
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>
---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------
More information about the pptp-server
mailing list