[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pen-test
Subject:    RE: [in] VPN protocols
From:       "Curt Purdy" <purdy () tecman ! com>
Date:       2004-12-22 20:05:07
Message-ID: 200412221406890.SM07328 () wolfcub3kv
[Download RAW message or body]

Dan Tesch wrote:
> I am not very up on VPN protocols, I am testing a network 
> that has an edge router which has several site-to-site VPN's 
> set up and several clients connecting to it via MS PPTP client.
<snip> 

You did not mention the site-to-site vpn vendor, but sounds like ipsec to
me.  Your easiest shot at compromise is with PPTP.  It was an insecure
format from the beginning.  It took cisco to show Microsoft how to do VPN.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer 
DP Solutions

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

[prev in list] [next in list] [prev in thread] [next in thread]