Re: PPTP versus L2TP and possible attacks

From: Chris Gianelloni (wolf31o2_at_charter.net)
Date: 02/12/04

  • Next message: Patrick Power: "Re: PPTP versus L2TP and possible attacks"
    To: "James D. Stallard" <james@leafgrove.com>
    Date: Thu, 12 Feb 2004 10:16:18 -0500
    
    
    

    On Wed, 2004-02-11 at 14:19, James D. Stallard wrote:
    > 1. Which is the better tunnelling protocol in terms of security and
    > functionality, L2TP or PPTP, and why?

    L2TP is superior simply because there have been a few papers written
    about flaws in the PPTP protocol which weaken its effectiveness
    severely. If possible, it would be best to disable PPTP completely and
    use L2TP exclusively.

    > 2. Is the community aware of any exploits that could be levelled against the
    > firewall with the following ports opened to support VPNs?
    >
    > L2TP requires: Protocol 50, UDP 4500, UDP 500
    > PPTP requires: Protocol 47, TCP 1723

    That depends. Is the following your firewall?

    > ---------------------------------------------------------------------------
    > Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    >
    > Protect your network with the comprehensive security solution that
    > integrates six applications for ease of use and lower TCO.
    >
    > Firewall - Virus protection - Spam protection - URL blocking - VPN
    > - Wireless security.
    >
    > Download 30-day evaluation at:
    > http://www.astaro.com/php/contact/securityfocus.php
    > ---------------------------------------------------------------------------

    If so, then there are no known exploits which use those attack vectors.

    -- 
    Chris Gianelloni
    Systems Administrator
    IT Infrastructure and Support Lead
    Conso International
    (864) 427-9004 x 2748
    
    


