Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: PPP over Ethernet?

  • From: John Fraizer
  • Date: Fri Jun 05 17:56:17 1998

At 05:40 PM 6/4/98 -0400, you wrote:
>> Give me 10 minutes with a sniffer and a few nifty tools and not only can I
>> find the PPTP session but, take control.  Now, *I* have access to your file
>> on that NiceTry Server.
><> of course.

No, actually, this is a tool that a close friend wrote while working on a
test harness for the PPTP protocol.  It seems that MS PPTP doesn't quite
work as advertized and it was necessary to sniff a ton of sessions to
determine the protocol and write the state machine to interface to
something other than Winblows as a client or server.  I suppose that
"releasing" the crack will brings with it notoriety in the community if
that's what you're after.  Personally, I find it more gratifying to know it
can be done and have the prowess to do it than to provide the code to every
bored 13y/o on the planet via anonymous ftp.

>According to my Microsoft insider, "depends what the client is. If it's
>NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
>LM hash, it's easy to crack. Basically the deal is that 9x clients use
>a shitty old hash method that's really easy to sniff and crack."

The session hijacked was NT<->NT.  With 3DES/Blowfish/etc freely available,
why does MS feel the need to  _attempt_ to write their own encryption?

>Supposedly there are patches that close the holes, but PPTP still doesn't
>appear to have been designed nicely to begin with.


echo "Please insert Linux Bootable Installation CD in CD drive."
pause "Press <ENTER> when ready."
echo "This process may take several minutes depending on the speed of your
pause "Please press CTRL-ALT-DEL to begin the patch process..."

John Fraizer    (root)          |    __   _                 |
The System Administrator        |   / /  (_)__  __ ____  __ | The choice
mailto:root@EnterZone.Net       |  / /__/ / _ \/ // /\ \/ / |  of a GNU
http://www.EnterZone.Net/       | /____/_/_//_/\_,_/ /_/\_\ | Generation
                     A 486 is a terrible thing to waste...

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.