At 10:53 AM 6/4/98 -0700, you wrote:
Cygnus has tools that let you build SHH on WinNT.
At 10:14 AM 6/4/98 -0700, Dave Siegel wrote:
Nah, They never heard of virtual circuits.
Seriously, PPP over IP is a way of building a cheap VPN. The thing is that SSH already does that job much better.
SSH does not allow me to access file on the corporate NT server.
PPTP (ala MS VPN) does.
Give me 10 minutes with a sniffer and a few nifty tools and not only can I find the PPTP session but, take control. Now, *I* have access to your file on that NiceTry Server. I have yet to see or hear about this being done with an SSH tunnel. Perhaps you would like to put a unix box on your network to do SSH tunnels with and from there, mount your SAMBA share from the NiceTry box. Or then again, maybe you trust MS. <sic> ------- John Fraizer (root) | __ _ | The System Administrator | / / (_)__ __ ____ __ | The choice mailto:root@EnterZone.Net | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation A 486 is a terrible thing to waste...
Give me 10 minutes with a sniffer and a few nifty tools and not only can I find the PPTP session but, take control. Now, *I* have access to your file on that NiceTry Server.
<http://www.counterpane.com/pptp.html> of course. According to my Microsoft insider, "depends what the client is. If it's NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the LM hash, it's easy to crack. Basically the deal is that 9x clients use a shitty old hash method that's really easy to sniff and crack." Supposedly there are patches that close the holes, but PPTP still doesn't appear to have been designed nicely to begin with. Aleph One also had a good summary of the counterpane paper. He posted the URL's to bugtraq a couple of days ago: http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663 http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172 http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265 /cvk
participants (2)
-
John Fraizer -
klineļ¼ uiuc.edu