This one is precious:
<quote>
Description:
The remote host appears to be running a PPTP (VPN) service.
This service allows remote users to connect to the internal network
and gain a trusted user role. This service should be protected with a
strong encryption scheme like IPSEC. By default the service leaks out
such information as Server version (PPTP version), Hostname and Vendor
string this could help an attacker better perpare her next attack.
General solution:
Restrict access to this port from untrusted networks. Make sure only
encrypted channels are allowed through the PPTP (VPN) connection.
</quote>
Seriously, if the client could use IPSEC why would you need
PPTP?!??!?!?!?!!??!?!
For those curious, the service doing the scanning is ScanAlert (the
folks who bring you the "HackerSafe" seal of approval).
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
