"Wireless hot spots and Internet Cafes that use broad band routers like
Linksys may not have this feature turned on"
I have seen the option enabled by default on many devices before, and many
not...
"With SSL based VPN's you don't need to turn anything on. It just works.
Assuming you have the server and client configured correctly.
Turn anything on? Look at those config files dude...There's time
spent...I'll race ya ;p)?
Now about the m$ part of your email. Who would ever do network security with
m$"
Okay, you asked for it. Go ahead and get a copy of ettercap or cain, and
learn to do a ssl man in the middle on any ssl vpn solution out there. Then
after you have learned to exploit ssl vpns, either by man in the middle or
simple web exploits like xss, go ahead and learn how to crack m$ pptp. Now,
you were saying about m$ pptp security? Looks like both fall fairly fast
there huh? Ah the joys of layer 2? Security is ipsec.
Now to why someone would want to learn or use m$ pptp
1) to learn and to enjoy understanding weaknesses
2) roi ;p)
3) a fella that just wants to put some files on his server fom school, and
wants a fast solution due to being busy with homework...
Lol, my god, did I just press send?
--eddie
-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of
Damien Hull
Sent: Friday, October 13, 2006 3:09 PM
To: aklug@aklug.org
Subject: Re: pptp vpn
After reading your email I did a quick Google search.
Both PPTP and IPSec can go through a NAT firewall if the firewall has been
configured to do so. Wireless hot spots and Internet Cafes that use broad
band routers like Linksys may not have this feature turned on. I also looked
into Cisco PIX firewalls. It apperies that PPTP through NAT is not a default
setting. I'm not a Cisco guy so I'm not sure if this is the case.
With SSL based VPN's you don't need to turn anything on. It just works.
Assuming you have the server and client configured correctly.
Now about the m$ part of your email. Who would ever do network security with
m$?
ep wrote:
> "PPTP doesn't work with NAT"
>
> Grrrrr, m$ pptp DOES works with nat (and recent routers have moved
> beyond the ugly hack...). If he's m$ pptp client to m$ pptp server
> it's fine (I believe his client/server is rolling m$ pptp). In fact,
> just to cover that 1%; to make sure I wasn't about to stuff my foot in
> my mouth. I just
labbed
> it up again, even though I did this already in a recent pentest...
>
>
> Client------FW(nat)--------------(nat)FW---------Server
>
> IT WORKS! LMAO READ AGAIN, IT WORKS!
>
> Tgif AKLUG, now back to work.
>
> --eddie
>
>
>
>
>
> -----Original Message-----
> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf
> Of Damien Hull
> Sent: Friday, October 13, 2006 11:19 AM
> To: aklug@aklug.org
> Subject: Re: pptp vpn
>
> What you want for this is OpenVPN. It does everything over SSL. This
> is really cool because you can us it through a firewall. A lot of
> firewalls
do
> network address translation or NAT for short. PPTP doesn't work with NAT.
> You can get fancy routers that tag each packet but it's a hack. You
> are better off using an SSL based VPN.
>
> If you are connecting Windows clients to your home network just get IPCop.
> There is a module for OpenVPN. There should be a way to connect Linux
> clients to IPCop but I havn't had time to look into it.
>
> Here's the site for OpenVPN: http://openvpn.net/
>
> Admin tool: http://sourceforge.net/projects/openvpnadmin/
>
> Blake Eggemeyer wrote:
>
>> i set up a small server at home
>> i want to acess it from school, so that i can save my CompSci hwk on it.
>> i have a router, the pptp option is enabled how do i tell the MS vpn
>> software that my routed IP is 66.58.216.90 and my server adress is
>> 192.168.1.5 any ideas?
>>
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org> with
>> 'unsubscribe' in the message body.
>>
>>
>>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe'
> in the message body.
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org> with
> 'unsubscribe' in the message body.
>
>
---------
To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe'
in the message body.
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Oct 13 16:26:26 2006
This archive was generated by hypermail 2.1.8 : Fri Oct 13 2006 - 16:26:27 AKDT