|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PPP over Ethernet?
At 05:40 PM 6/4/98 -0400, you wrote: >> Give me 10 minutes with a sniffer and a few nifty tools and not only can I >> find the PPTP session but, take control. Now, *I* have access to your file >> on that NiceTry Server. > ><http://www.counterpane.com/pptp.html> of course. No, actually, this is a tool that a close friend wrote while working on a test harness for the PPTP protocol. It seems that MS PPTP doesn't quite work as advertized and it was necessary to sniff a ton of sessions to determine the protocol and write the state machine to interface to something other than Winblows as a client or server. I suppose that "releasing" the crack will brings with it notoriety in the community if that's what you're after. Personally, I find it more gratifying to know it can be done and have the prowess to do it than to provide the code to every bored 13y/o on the planet via anonymous ftp. >According to my Microsoft insider, "depends what the client is. If it's >NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the >LM hash, it's easy to crack. Basically the deal is that 9x clients use >a shitty old hash method that's really easy to sniff and crack." The session hijacked was NT<->NT. With 3DES/Blowfish/etc freely available, why does MS feel the need to _attempt_ to write their own encryption? >Supposedly there are patches that close the holes, but PPTP still doesn't >appear to have been designed nicely to begin with. ---START PATCH.BAT--- ;patch.bat echo "Please insert Linux Bootable Installation CD in CD drive." pause "Press <ENTER> when ready." echo "This process may take several minutes depending on the speed of your computer" pause "Please press CTRL-ALT-DEL to begin the patch process..." ---END PATCH.BAT--- ------- John Fraizer (root) | __ _ | The System Administrator | / / (_)__ __ ____ __ | The choice mailto:[email protected] | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation A 486 is a terrible thing to waste...
|