Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: PPP over Ethernet?

  • From: Charley Kline
  • Date: Thu Jun 04 18:59:47 1998

> Give me 10 minutes with a sniffer and a few nifty tools and not only can I
> find the PPTP session but, take control.  Now, *I* have access to your file
> on that NiceTry Server.

<http://www.counterpane.com/pptp.html> of course.

According to my Microsoft insider, "depends what the client is. If it's
NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
LM hash, it's easy to crack. Basically the deal is that 9x clients use
a shitty old hash method that's really easy to sniff and crack."

Supposedly there are patches that close the holes, but PPTP still doesn't
appear to have been designed nicely to begin with.

Aleph One also had a good summary of the counterpane paper. He posted
the URL's to bugtraq a couple of days ago:


http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265

/cvk




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.