Re: PPTP versus L2TP and possible attacks

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 02/12/04

  • Next message: Zachary Mutrux: "RE: PPTP versus L2TP and possible attacks" 
    Date: Thu, 12 Feb 2004 13:00:21 -0800
To: Patrick Power <ppower@registrypro.pro>

    And when was the last time you read that?

    Watch the security week webcast with Jesper Johannson
    www.microsoft.com/webcasts and he talks about the truth/hype of PPtP.

    Patrick Power wrote:

    > Actually L2TP is only a tunneling protocol. Is does not include any
    > encryption. L2TP makes a "virtual network" just not a "virtual private
    > network". L2TP is primarily used by Microsoft in conjunction with
    > Point-to-point IPSec, where IPSec provides the encrytpion part of it.
    >
    > PPTP is a complete VPN on it's own. However, the last I read about it,
    > there were some pretty significant flaws in the design of the PPTP
    > protocal (not just bugs in implementation, but actually protocol
    > design flaws I believe) which made PPTP relatively easy to crack.
    > IPSec on the other hand has not has any such flaws yet discovered, and
    > is *widely* considered a very secure solution.
    >
    > -Patrick
    >
    >
    > James D. Stallard wrote:
    >
    >> Hi
    >>
    >> I have recently deployed a VPN Server using Microsoft RRAS. RRS is the
    >> preferred technology because there are few anticipated users and the
    >> software is free :)
    >>
    >> The VPN Server sits behind the corporate firewall and operates fine,
    >> accepting incoming connections reliably.
    >>
    >> I am rather new to the VPN game (I usually design Active Directory
    >> infrastructures) and set up both L2TP and PPTP protocols for convenience
    >> sake while the client pilots the solution. My questions are therefore:
    >>
    >> 1. Which is the better tunnelling protocol in terms of security and
    >> functionality, L2TP or PPTP, and why?
    >>
    >> 2. Is the community aware of any exploits that could be levelled
    >> against the
    >> firewall with the following ports opened to support VPNs?
    >>
    >> L2TP requires: Protocol 50, UDP 4500, UDP 500
    >> PPTP requires: Protocol 47, TCP 1723
    >>
    >> 3. Anything else I should know?
    >>
    >> All advice is appreciated
    >>
    >> Thanks in advance
    >> Regards
    >>
    >> James D. Stallard
    >>
    >>
    >>
    >> ---------------------------------------------------------------------------
    >>
    >> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    >>
    >> Protect your network with the comprehensive security solution that
    >> integrates six applications for ease of use and lower TCO.
    >>
    >> Firewall - Virus protection - Spam protection - URL blocking - VPN -
    >> Wireless security.
    >>
    >> Download 30-day evaluation at:
    >> http://www.astaro.com/php/contact/securityfocus.php
    >> ---------------------------------------------------------------------------
    >>
    >>
    >>
    > 

    -- 
http://www.sbslinks.com/really.htm
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that 
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN 
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
---------------------------------------------------------------------------
  • Next message: Zachary Mutrux: "RE: PPTP versus L2TP and possible attacks"

    Relevant Pages

    • Re: PPTP versus L2TP and possible attacks
      ... >> Actually L2TP is only a tunneling protocol. ... >> PPTP is a complete VPN on it's own. ... >> there were some pretty significant flaws in the design of the PPTP ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: PPTP versus L2TP and possible attacks - what next?
      ... PPTP versus L2TP and possible attacks ... Watch the security week webcast with Jesper Johannson ... www.microsoft.com/webcasts and he talks about the truth/hype of PPtP. ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • Re: PPTP versus L2TP and possible attacks
      ... Which is the better tunnelling protocol in terms of security and ... > functionality, L2TP or PPTP, and why? ... L2TP is superior simply because there have been a few papers written ...
      (Focus-Microsoft)
    • Re: PPTP client not working on 4.10-R
      ... and questions@ involving a PPTP client. ... which was to be a PPTP client. ... a PPTP server on the same LAN, even though that PPTP server was ... it can be a security risk. ...
      (freebsd-questions)
    • Re: PPTP client not working on 4.10-R
      ... and questions@ involving a PPTP client. ... which was to be a PPTP client. ... a PPTP server on the same LAN, even though that PPTP server was ... it can be a security risk. ...
      (freebsd-net)
    • Quantcast