North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: PPP over Ethernet?
- From: Charley Kline
- Date: Thu Jun 04 18:59:47 1998
> Give me 10 minutes with a sniffer and a few nifty tools and not only can I
> find the PPTP session but, take control. Now, *I* have access to your file
> on that NiceTry Server.
<http://www.counterpane.com/pptp.html> of course.
According to my Microsoft insider, "depends what the client is. If it's
NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
LM hash, it's easy to crack. Basically the deal is that 9x clients use
a shitty old hash method that's really easy to sniff and crack."
Supposedly there are patches that close the holes, but PPTP still doesn't
appear to have been designed nicely to begin with.
Aleph One also had a good summary of the counterpane paper. He posted
the URL's to bugtraq a couple of days ago: