This should instigate an interesting discussion. As I too am in a Microsoft
shop, I would also be interested in some constructive answers to Paul's
questions.
> ----------
> From: Paul Gracy[SMTP:[EMAIL PROTECTED]]
> Sent: Monday, December 27, 1999 8:01 AM
> To: [EMAIL PROTECTED]
> Subject: RE: MS PPTP (Safe?) - alternative?
>
> Since I'm an engineer and just want to get some done from home...
>
> Ok. So a bunch of people dislike PPTP (version 1 and 2). But nobody has
> offered a constructive comment. So kindly do so, or quit your bitchin'.
>
> Constructive comments are defined in my world as 1 of these 3 things:
> 1) Do this and pptp is as safe as it gets. Your level of risk is X.
> Knowing this, use or don't, as you choose.
> 2) Use protocol / software XYZ as a replacement for PPTP; it only costs
> x$.
> 3) "I've written a replacement; source and binaries are available at
> www.____.___/pptp_replacement.html. Please perform peer review and let me
> know if you find any bugs."
>
> I'm waiting.......
>
> -----Original Message-----
> From: Brian Steele [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 14, 1999 11:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: MS PPTP (Safe?)
>
>
> ...and you can do this without being first authenticated by the NT server
> providing the VPN service?
>
> Brian Steele
>
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "Jimi Aleshin" <[EMAIL PROTECTED]>
> Cc: "J. T. B." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, December 14, 1999 9:44 AM
> Subject: Re: MS PPTP (Safe?)
>
>
> >
> >
> >
> > One thing to remember, protocol 47 is GRE (Generic Route Encapsulation).
> > Remember the days of disabling
> > Source Route Forwarding at the TCP Layer ????
> > GRE is in it's basic form, the very same thing at the IP layer.
> >
> > What does this mean ????
> >
> > Well, I could send a GRE packet that contains another protocol in its
> payload.
> > This could be, for example, NETBIOS.
> > I could then use a GRE stream to browse your Windows NT domain.
> >
> > Please review RFC 1702 paying strong attention to the section on IP
> Source
> Route
> >
> > http://www.ietf.org/rfc/rfc1702.txt
> >
> > After you read the RFC, you may want to consider the risks associated
> with
> it.
> >
> >
> >
> >
> >
> >
> >
> > "Jimi Aleshin" <[EMAIL PROTECTED]> on 12/13/99 05:45:38 PM
> >
> > Please respond to "Jimi Aleshin" <[EMAIL PROTECTED]>
> >
> > To: "J. T. B." <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > cc: (bcc: Jerry Kendall/Inc/Celestica)
> >
> > Subject: Re: MS PPTP (Safe?)
> >
> >
> >
> >
> > It is an implementation of PPP over TCP. This means that a user must
> already
> > have an Internet connection. The technology creates a second virtual PPP
> > network adapter. By using the native PPP authentication and encryption
> > services, the technology is easily implemented using existing
> technology.
> > Originally developed by Microsoft, U.S. Robotics (now 3Com), Ascend, and
> > other remote access companies.
> > In 1998, a severe flaw was found in PPTP's authentication scheme. This
> was
> > fixed in MS-CHAP V2 of Microsoft's implementation.
> > When setting up a PPTP server, you must enable port 1723 and protocol 47
> > through the firewall.
> > So try it out.
> >
> > /Jimi Aleshin
> > Mail: [EMAIL PROTECTED]
> > ICQ: 26180172
> >
> > ----- Original Message -----
> > From: J. T. B.
> > To: [EMAIL PROTECTED]
> > Sent: Monday, December 13, 1999 01:09 PM
> > Subject: MS PPTP (Safe?)
> >
> >
> >
> > I'm looking at building a secure VPN and was wondering if Microsoft's
> PPTP
> > was any good? I had heard some very bad things about it. Have they
> cleaned
> > it up, or should I look elsewhere?
> >
> > Thanks!
> >
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
