Hey Dave,
Microsoft's PPTP VPN stuff is a joke. It is considered to be VERY
insecure and pretty easy to crack. DON'T use it for mission
critical stuff. But.. I will forward you the stuff I have anyway
just to let you come to your own impressions. If you are serious
about Linux VPNs.. there should be a HOWTO in /usr/DOC that uses
PPPD and SSHD. Pretty cool!
Anyway.. First.. some emails from Bugtraq about PPTP security
and then details on GRE (pptp) tunnels with Linux:
--David
--
Date: Wed, 3 Jun 1998 10:51:54 -0500
From: Aleph One <[EMAIL PROTECTED]>
Subject: Re: VPN and PPTP Vulnerabilities
To: [EMAIL PROTECTED]
This is part of an article I am writing. There is little new that people
here haven't seen but it's a good summary.
It is interesting to note that Microsoft has chosen to omit certain
vulnerabilities from their response to the Counterpane paper. Let's
summarize them here so they don't get confused:
---> The control connection is not authenticated.
Microsoft claims they will enhance the control channel in future
updates to authenticate each control packet.
---> The MS-CHAP LANMAN hash response is vulnerable to a dictionary attack
---| that can be sped up enormously.
Microsoft claims to be testing a PPTP server update that will stop
clients from authenticating using the LANMAN response and a Windows 95
client update that will stop clients from sending the LANMAN response.
The PPTP Performance Update for Windows NT 4.0 stops a Windows NT
client from sending the LANMAN hash response if configured to require
128-bit encryption. Yet this is of little comfort for non-US customers
that cannot use the 128-bit version of the software. The only way for
them to completely get rid of the 40-bit LANMAN hash based key is for
Microsoft to implement the 40-bit NT hash based key introduced in the
second draft of the MPPE draft.
---> The MS-CHAP NT hash response is vulnerable to a dictionary attack.
---> An attacker can steal a user's password hashes via the MS-CHAP password
---| change protocol version one.
---> The 40-bit LANMAN hash based session key is the same across sessions.
---> MPPE does not provide true 128-bit or 40-bit security.
Microsoft simply recommends that customers enforce a strong password
policy. They should instead modify PPTP to generate truly random
keys and use some type of key exchange protocol such as Diffie-Hellman.
---> MPPE does not encrypt Network Control Protocol PPP packets.
---> MPPE uses the same key in both directions.
---> MPPE is vulnerable to a Reset-Request attack.
Microsoft has fixed this problem in the latest PPTP draft by introducing
the stateless mode. The PPTP Performance Update for Windows NT 4.0
implements this mode of operation. There is no solution for Windows 95
yet. This means that if you have Windows 95 PPTP clients you are still
vulnerable.
---> MPPE is vulnerable to bit flipping attacks.
---> There are a number of denial of service and other vulnerabilities
---| caused by implementation errors.
Microsoft claims to have fixed some of these problems with
PPTP-FIX and PPTP2-FIX.
At least Microsoft should produce a Windows NT and Windows 95 PPTP
update that does not use the same session keys in each direction,
that does not support MS-CHAP password change protocol version one
and does not send the LANMAN based response.
As to the other part of your question. It's the usual requirements. Passive
attacks only require sniffing. Active attacks that only inject new packets
into the stream have the same requirements as sniffing. Active attacks
where the attacker must substitute or modify packets by either the client
or server require that the attacker either masquerade as the client or
server or be able to capture packets for either while stopping those
packets from reaching their destination (in other words be in between).
The most common attack with the last result would be DNS hijacking.
Aleph One / [EMAIL PROTECTED]
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
[ End forwarded message ]
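Two of the MPPE points in the message above (the same key in both directions, and bit flipping) follow from running a stream cipher with no integrity check. The Python below is an added illustration written for this page, not code from Aleph One, Counterpane or Microsoft: a textbook RC4 keystream stands in for MPPE, the "weak" functions show the two risks on constructed messages, and the "hardened" functions show the usual mitigations (a distinct key per direction plus an encrypt-then-MAC tag). The HMAC-SHA256 derivation, the direction labels and all key values are my assumptions, not anything PPTP specifies.

```python
import hmac
import hashlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    # Textbook RC4 (the cipher MPPE wraps), used only to show stream-cipher properties.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(key: bytes, data: bytes) -> bytes:
    # MPPE-like: RC4 with no integrity tag; decryption is the same operation.
    return xor(data, rc4_keystream(key, len(data)))

def shared_key_leak(key: bytes, client_msg: bytes, server_msg: bytes) -> bytes:
    # Risk: same key both directions, so XOR of the ciphertexts cancels the keystream.
    return xor(weak_encrypt(key, client_msg), weak_encrypt(key, server_msg))

def bit_flip_undetected(key: bytes, data: bytes, pos: int, mask: int) -> bytes:
    # Risk: a flipped ciphertext bit flips exactly that plaintext bit, and nothing notices.
    ct = bytearray(weak_encrypt(key, data))
    ct[pos] ^= mask
    return weak_encrypt(key, bytes(ct))

def direction_key(key: bytes, direction: bytes) -> bytes:
    # Mitigation (assumed derivation): a distinct key per direction from the session key.
    return hmac.new(key, b"mppe-dir:" + direction, hashlib.sha256).digest()

def hardened_encrypt(key: bytes, direction: bytes, data: bytes) -> bytes:
    # Mitigation: encrypt-then-MAC, so any modified bit fails verification.
    k = direction_key(key, direction)
    ct = weak_encrypt(k, data)
    return ct + hmac.new(k, ct, hashlib.sha256).digest()

def hardened_decrypt(key: bytes, direction: bytes, blob: bytes):
    k = direction_key(key, direction)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        return None  # tampered (or wrong direction): reject
    return weak_encrypt(k, ct)
```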
--
Approved-By: [EMAIL PROTECTED]
Date: Tue, 2 Jun 1998 10:53:40 -0500
Reply-To: Aleph One <[EMAIL PROTECTED]>
Sender: Bugtraq List <[EMAIL PROTECTED]>
From: Aleph One <[EMAIL PROTECTED]>
Subject: PPTP Vulnerability
To: [EMAIL PROTECTED]
This is an FYI. Most of this has already been discussed in NTBUGTRAQ and
NTSECURITY. Counterpane has released a paper discussing several
vulnerabilities in PPTP. You can find the paper at
http://www.counterpane.com/pptp.html.
Some of these vulnerabilities I had already discussed on the nt security
mailing lists back in October of last year and May of this year. You can
find my late night ramblings on the subject at:
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9805&L=ntbugtraq&F=&S=&P=663
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=172
http://listserv.ntbugtraq.com/scripts/wa-ntbt.exe?A2=ind9806&L=ntbugtraq&F=&S=&P=265
Aleph One / [EMAIL PROTECTED]
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
--
Resent-Date: Fri, 31 Oct 1997 14:25:19 -0800
Date: Fri, 31 Oct 1997 14:15:38 -0800 (PST)
From: "John D. Hardin" <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Reply-To: "John D. Hardin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Resent-From: [EMAIL PROTECTED]
X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/1927
X-Loop: [EMAIL PROTECTED]
Resent-Sender: [EMAIL PROTECTED]
Subject: [masq] ANNOUNCE: PPTP Masquerade Patch page now available
All:
I have finally written up some documentation for the PPTP Masquerade patch:
http://www.wolfenet.com/~jhardin/ip_masq_pptp.html
-------------------------------------------------------------------------
John Hardin KA7OHZ [EMAIL PROTECTED]
PGP fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
finger for PGP key Linux: the choice of a Gnu generation
-------------------------------------------------------------------------
2 days until we find out if Mulder really *did* do it...
--
Resent-Date: Thu, 15 Jan 1998 15:59:02 -0800
From: Michael Anthon <[EMAIL PROTECTED]>
To: IP Masq Mailing List <[EMAIL PROTECTED]>
Date: Fri, 16 Jan 1998 09:53:16 +1000
X-Mailer: Internet Mail Service (5.0.1458.49)
Resent-From: [EMAIL PROTECTED]
X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/2711
X-Loop: [EMAIL PROTECTED]
Resent-Sender: [EMAIL PROTECTED]
Subject: [masq] PPTP Masquerading
X-Status:
This works !!!
I just thought I would post the problems that I have run into in case
anyone else out there is struggling to get it working.
I had a couple of glitches when trying to configure this patch. It
installed and compiled quite happily, but then I ran into the following
problems (which are not related to the patch at all):
1. I had the same subnet configuration on both the local and remote
sections of the LAN. While this seems to work quite happily dialling in
with the one machine, once you do it via PPTP it stuffs up. My work LAN
is 10.10.10.x with a subnet mask of 255.0.0.0. My home LAN was the same
but is now 10.1.1.x/255.255.255.0. The problem here is that the PPTP is
essentially a routing bridge; if the subnets are the same then the
routing does not get done.
The other issue here is that you must DISABLE the PPTP option to "use
default gateway on remote network". Otherwise your routing table is
modified with the deletion of your existing default route and its
replacement with a new one pointing at a machine on the remote network.
This stops all local LAN traffic and the whole thing falls into a big
screaming heap.
2. I don't know why, but I can't get PPTP to connect with just the
TCP/IP protocol. I found that enabling both TCP/IP and NetBEUI on the
client, then I can connect, which is really strange since I don't have
NetBEUI installed on the PPTP server (or do I ? hmm... must check).
3. I have had a couple of strange happenings when trying to connect.
Occasionally it will attempt to connect then immediately disconnect.
Either re-booting the win95 box or waiting for a while seems to fix this
problem. Again, I don't think this is related to masquerading, it's
just typical MS problems 8^)
Hope this helps someone....
Regards
Michael Anthon
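An added illustration of point 1 and the default-gateway issue in the message above, not part of Michael's post: a small Python model of the client routing table with longest-prefix lookup, showing why identical subnets keep remote hosts on the LAN interface and why "use default gateway on remote network" sends all off-LAN traffic into the tunnel, plus a pre-flight check for both. Interface names, the tie-break rule and every address are constructed assumptions.

```python
import ipaddress

def build_routes(local_lan, remote_lan, use_remote_default_gw=False):
    # Model of the client routing table once the tunnel is up. The LAN route is
    # installed first; the tunnel route is added when the link comes up.
    local = ipaddress.ip_network(local_lan, strict=False)
    remote = ipaddress.ip_network(remote_lan, strict=False)
    routes = [(local, "eth0"), (remote, "ppp0")]
    # With "use default gateway on remote network" the client replaces the
    # default route with one pointing through the tunnel.
    default_if = "ppp0" if use_remote_default_gw else "eth0"
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_if))
    return routes

def lookup(routes, dst):
    # Longest-prefix match; on equal prefix length the earlier route wins
    # (assumed tie-break), which is what leaves overlapping remote hosts on eth0.
    ip = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def check_config(local_lan, remote_lan, use_remote_default_gw=False):
    # Pre-flight check for the two misconfigurations the message describes.
    local = ipaddress.ip_network(local_lan, strict=False)
    remote = ipaddress.ip_network(remote_lan, strict=False)
    problems = []
    if local.overlaps(remote):
        problems.append(f"{local} and {remote} overlap: remote hosts never leave eth0")
    if use_remote_default_gw:
        problems.append("default route moves to ppp0: all off-LAN traffic enters the tunnel")
    return problems
```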
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'