[c-nsp] pptp connection to 2600 with Windows VPN failing.
Gert Doering
gert at greenie.muc.de
Thu Dec 13 14:53:32 EST 2012
Hi,

On Thu, Dec 13, 2012 at 04:59:10PM +0100, Christophe Lucas wrote:
> interface Virtual-Template1
>  ip unnumbered FastEthernet0/0
>  autodetect encapsulation ppp
>  peer default ip address pool vpn
>  ppp encrypt mppe auto
>  ppp authentication ms-chap-v2

JFTR, I hope everybody on this list is aware that PPTP with MPPE/MS-CHAP-v2
is about as secure as using PAP and no encryption.

If someone is able to sniff your PPTP/MPPE-Session, all they need is to
insert $200 into cloudcracker.com, and next morning they will have the
NTLM HASH needed to authenticate against the server, impersonating the
VPN client.

See here for a detailed description:
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html

Use IPSEC, SSL-VPN or OpenVPN.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
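
Added example, not part of the original post or of any Cisco tooling: a small Python audit that walks an IOS-style configuration and reports the stanzas that still enable the PPTP / MPPE / MS-CHAP combination the message warns about. The sample configuration is constructed: the Virtual-Template stanza is the one quoted above, while the `vpdn-group` and the FastEthernet address are assumptions added for illustration.

```python
import re

# Constructed sample: the Virtual-Template stanza quoted in the post, plus a
# hypothetical vpdn-group and an unrelated interface for contrast.
SAMPLE_CONFIG = """\
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 autodetect encapsulation ppp
 peer default ip address pool vpn
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!
"""

# Sub-commands that indicate the PPTP / MPPE / MS-CHAP combination.
WEAK = [
    (re.compile(r"^protocol pptp\b"), "PPTP tunnel protocol"),
    (re.compile(r"^ppp encrypt mppe\b"), "MPPE encryption"),
    (re.compile(r"^ppp authentication\b.*\bms-chap(-v2)?\b"), "MS-CHAP authentication"),
]

def audit_ios_config(text):
    """Return (stanza, command, reason) for each weak sub-command found."""
    findings, stanza = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # skip blanks and '!' separators
        if not line[0].isspace():         # a column-0 line opens a new stanza
            stanza = line
            continue
        cmd = line.strip()
        for pattern, reason in WEAK:
            if pattern.search(cmd):
                findings.append((stanza, cmd, reason))
    return findings

if __name__ == "__main__":
    for stanza, cmd, reason in audit_ios_config(SAMPLE_CONFIG):
        print(f"{stanza}: '{cmd}' -> {reason}")
```

Run it over saved running-configs to list the devices that still need moving to one of the alternatives named in the message.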