Security Basics: Re: PPTP VERY long & strong passwords - Strong enough ?

Re: PPTP VERY long & strong passwords - Strong enough ?

From: Nick Owen <nickowen_at_mindspring.com>
Date: Tue, 01 Mar 2005 13:41:13 -0500

bla bla:

There is a tool called asleap that has a new-ish PPTP add-on for
passively breaking PPTP authentications. It's really the same MS-CHAPv2
attack, but it is just much easier now that it can be done over a WiFi
connection. I assume you can't be sure that your users won't be logging
in via a WiFi connection somewhere. I would think that even the longest
memorable password could be broken in a month offline.

It may not matter in your case, but worth knowing about.

HTH.

Nick

On Tue, 2005-03-01 at 14:01 +0000, bla bla wrote:
>
> Hi !
>
> 4 questions:
>
> 1. I use Win2003 PPTP VPN. I've gone through some of the past posts & replies regarding PPTP (MS-CHAPv2) and came across this:
>
> "Finally, I want to state this: using long, very random password moves
> the PPTP attacks from the realm of the practical back into the
> theoretical. To be sure, PPTP is 65,000 times easier to crack because of
> a flaw in the authentication protocol. But if you use 12-character (out
> of 95 "type-able" ASCII characters) randomly-generated passwords, you
> get about 2^79 possible combinations. Even with the 2^16 advantage the
> flaw in PPTP provides, it is still impractical for anyone to break the
> tunnel without tens of millions of dollars in investment. The NSA or
> distributed.net could break it in a few months, but that's about the
> only adversaries you'd need to worry about."
>
> Link: http://www.securityfocus.com/archive/50/330874/2005-02-26/2005-03-04/2
>
> Do you guys agree ?
> Are there any other (than weak\small passwords) exploits I should be aware of ?
> BTW, all vpn accounts are set to "never expire" so that any possible "renew password" hack for stealing passwords can ever take place (passwords will be changed manually on a monthly basis - it's only meant for a few users).
> Also disabled this via the rras policy.
>
> 2. Are there any patches\fixes in Win2003 SP1 (ETA 28/3/05) concerning this ? Has anybody encountered any problems in the SP1 beta2 ?
>
> 3. Does anybody know of a hack that will allow mapping certificates to user accounts WITHOUT active directory (the server is a stand alone\not in a domain env.) ?
>
> 4. I'm also using ISS Blackice (Host IDS+Firewall, ver 3.6coa) on that server (I know - it's not supported by ISS on Win2003, bla bla bla...). It works great with pptp but intercepts l2tp\ipsec (MS-CHAPv2) login attempts as UDP_SHORT_HEADER and UDP_PROBE_OTHER intrusions (the vpn host is xpsp1). I've tried opening all the relevant ports + configuring the app to ignore these types of intrusions + trusting all communication from the vpn host ip, but to no avail. Only stopping the firewall does the trick.
> Any thoughts ?
> Does Blackice have a forum somewhere ?
>
> Thanks guys !

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidstrongauthentication.com
At last, two-factor authentication, without the hassle factor
Received on Mar 02 2005
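As an added example (not part of the thread or of any tool named in it), a small Python work-factor calculator that checks the figures quoted above: 95 printable characters, a 12-character random password, and a constant-factor 2^16 speed-up for the attacker. The guess rate is an assumed illustrative value, not a measurement.

```python
import math

# Figures taken from the quoted post; the guess rate below is an assumption.
PRINTABLE_ASCII = 95        # "type-able" ASCII characters
QUOTED_LENGTH = 12          # 12-character random password
PPTP_ADVANTAGE_BITS = 16    # the "2^16 advantage" attributed to the flaw


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: log2(alphabet ** length)."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of >= 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def effective_bits(bits: float, advantage_bits: float = 0.0) -> float:
    """Work factor left after a protocol flaw hands the attacker a
    constant-factor speed-up of 2 ** advantage_bits (never below zero)."""
    return max(bits - advantage_bits, 0.0)


def worst_case_seconds(bits: float, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace at a given guess rate
    (on average an attacker finishes in half that)."""
    return 2.0 ** bits / guesses_per_second


def years(seconds: float) -> float:
    return seconds / (365.25 * 24 * 3600)


def summarize(alphabet_size: int, length: int,
              advantage_bits: float, guesses_per_second: float) -> dict:
    """The numbers a defender wants when sizing a password policy."""
    raw = keyspace_bits(alphabet_size, length)
    eff = effective_bits(raw, advantage_bits)
    return {
        "raw_bits": raw,
        "effective_bits": eff,
        "worst_case_years": years(worst_case_seconds(eff, guesses_per_second)),
    }


if __name__ == "__main__":
    # 1e9 guesses/s is an assumed, illustrative rate for an offline attack.
    for length in (8, QUOTED_LENGTH, 16):
        s = summarize(PRINTABLE_ASCII, length, PPTP_ADVANTAGE_BITS, 1e9)
        print(f"{length:2d} chars: {s['raw_bits']:.1f} bits raw, "
              f"{s['effective_bits']:.1f} bits effective, "
              f"{s['worst_case_years']:.3g} years at 1e9 guesses/s")
```

The 12-character case reproduces the quoted "about 2^79" and shows that the 2^16 advantage still leaves roughly 63 bits of effective work against a truly random password; the 8-character row is where memorable passwords start to look like Nick's "a month offline".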