11.4 Microsoft PPTP


Microsoft's Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 for communication. Because of the complexity of the PPTP model and its reliance on MS-CHAP for authentication, PPTPv1 and PPTPv2 are vulnerable to several offline cryptographic attacks.

No active information-leak or user-enumeration vulnerabilities have been identified in PPTP to date, so the service is adequately secure from determined remote attack, provided the external attacker has no access to the PPTP traffic.
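Because the exposure depends on who can see PPTP traffic, a defender first needs to know where that traffic exists. The following added example (not from the book) recognizes PPTP control messages in the first TCP payload of a flow, using the control-message header layout from RFC 2637; the flow tuple format, addresses and host names are constructed for illustration.

```python
import struct

PPTP_PORT = 1723                # TCP port named in the text
MAGIC_COOKIE = 0x1A2B3C4D       # constant present in every PPTP control message
SCCRQ = 1                       # Start-Control-Connection-Request
_HDR = struct.Struct("!HHIHH")  # length, message type, cookie, control type, reserved0


def parse_pptp_control(payload: bytes):
    """Return a dict describing a PPTP control message, or None if not PPTP."""
    if len(payload) < _HDR.size:
        return None
    length, msg_type, cookie, ctrl_type, _ = _HDR.unpack_from(payload)
    # Truncated segments are treated as non-matches rather than guessed at.
    if cookie != MAGIC_COOKIE or msg_type != 1 or length > len(payload):
        return None
    info = {"control_type": ctrl_type, "length": length}
    if ctrl_type == SCCRQ and length >= 156:
        # Body: version(2) reserved(2) framing(4) bearer(4) channels(2)
        # firmware(2) hostname(64) vendor(64), all after the 12-byte header.
        version, = struct.unpack_from("!H", payload, 12)
        host = payload[28:92].split(b"\0", 1)[0].decode("ascii", "replace")
        vendor = payload[92:156].split(b"\0", 1)[0].decode("ascii", "replace")
        info.update(version=f"{version >> 8}.{version & 0xFF}",
                    hostname=host, vendor=vendor)
    return info


def find_pptp_flows(flows):
    """flows: (src, dst, dst_port, first_payload) tuples. Returns PPTP hits."""
    hits = []
    for src, dst, dport, payload in flows:
        msg = parse_pptp_control(payload)
        if msg is not None:
            msg.update(src=src, dst=dst, nonstandard_port=(dport != PPTP_PORT))
            hits.append(msg)
    return hits


def build_sample_sccrq(host=b"laptop-01", vendor=b"ExampleVendor"):
    """Constructed test message, not captured traffic."""
    body = struct.pack("!HHIIHH", 0x0100, 0, 1, 1, 0, 0)
    body += host.ljust(64, b"\0") + vendor.ljust(64, b"\0")
    return _HDR.pack(156, 1, MAGIC_COOKIE, SCCRQ, 0) + body


SAMPLE_FLOWS = [  # constructed flows using documentation address ranges
    ("192.0.2.10", "198.51.100.5", 1723, build_sample_sccrq()),
    ("192.0.2.11", "198.51.100.5", 1723, b"GET / HTTP/1.1\r\n\r\n"),
    ("192.0.2.12", "198.51.100.9", 8443, build_sample_sccrq(b"kiosk-7")),
]
```

Matching on the magic cookie rather than the port alone also flags PPTP endpoints moved to a non-default port and ignores unrelated services listening on 1723.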

For details of the multiple cryptographic weaknesses within PPTP, see Bruce Schneier's page dedicated to the protocol: http://www.schneier.com/pptp.html. A number of publicly available network sniffers can compromise PPTP MS-CHAP challenge/response hashes from the wire, including:

http://packetstormsecurity.org/sniffers/anger-1.33.tgz
http://packetstormsecurity.org/sniffers/dsniff/dsniff-2.3.tar.gz
http://packetstormsecurity.org/sniffers/pptp-sniff.tar.gz


Network Security Assessment: Know Your Network
ISBN: 059600611X
EAN: 2147483647
Year: 2006
Pages: 166
Authors: Chris McNab