Give me 10 minutes with a sniffer and a few nifty tools and not only can I find the PPTP session, but take control. Now, *I* have access to your file on that NiceTry Server.
<http://www.counterpane.com/pptp.html> of course.

According to my Microsoft insider, "depends what the client is. If it's NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the LM hash, it's easy to crack. Basically the deal is that 9x clients use a shitty old hash method that's really easy to sniff and crack."

Supposedly there are patches that close the holes, but PPTP still doesn't appear to have been designed nicely to begin with.

Aleph One also had a good summary of the Counterpane paper. He posted the URLs to bugtraq a couple of days ago:

http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265

/cvk