PPP over Ethernet?

Charley Kline kline at uiuc.edu
Thu Jun 4 21:40:16 UTC 1998


> Give me 10 minutes with a sniffer and a few nifty tools and not only can I
> find the PPTP session, but take control.  Now, *I* have access to your file
> on that NiceTry Server.

<http://www.counterpane.com/pptp.html> of course.

According to my Microsoft insider, "depends what the client is. If it's
NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
LM hash, it's easy to crack. Basically the deal is that 9x clients use
a shitty old hash method that's really easy to sniff and crack."

Supposedly there are patches that close the holes, but PPTP still doesn't
appear to have been designed nicely to begin with.

Aleph One also had a good summary of the Counterpane paper. He posted
the URLs to bugtraq a couple of days ago:


http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265

/cvk


