Re: [ISN] Microsoft PPTP DoS Exploit, ..NetBIOS..

From: mea culpa (jerichoat_private)
Date: Mon Jun 22 1998 - 18:50:16 PDT


    Reply From: Aleph One <aleph1at_private>
    
    
    > 2) BACKGROUND: PPTP requires end-to-end connectivity for NetBIOS name
    > services at UDP port 137 in order to facilitate network browsing.  Without
    > this connectivity, shared objects on the remote server cannot be viewed in
    > "network neighborhood" (without a fallback to using NetBEUI).  Traffic
    > originating from the remote user on UDP port 137 *is not tunneled* in the
    > encrypted connection (via generic router encapsulation) but instead sent
    > in the clear. 
    > 
    > EXPLOIT: The name of the user is sent in the clear via UDP port 137
    > datagrams, which partially circumvents the purpose of the secure channel
    > offered by PPTP. 
    > 
    > SOLUTION: No complete solution.  Blocking UDP at both the remote user end
    > (which is difficult to accomplish) and at the server will stop the
    > transmission of the sensitive data contained in the datagrams.  The user
    > and server must then both be running NetBEUI to provide minimal network
    > browsing capability. 
    
    This is false. PPTP does not require any NetBIOS connectivity.
    You can check the box within the PPTP server that will filter all packets
    except those with destination port 1723 and GRE packets without any
    adverse effect.
    
    > --
    > 
    > See http://rs.internic.net/cgi-bin/whois?pb371
    > for additional contact information.
    > 
    > 
    > -o-
    > Subscribe: mail majordomoat_private with "subscribe isn".
    > Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    > 
    
    Aleph One / aleph1at_private
    http://underground.org/
    KeyID 1024/948FD6B5 
    Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 
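
The filter policy described in the reply above (pass only packets with destination port 1723 and GRE packets, drop everything else), shown as an added example that is not part of the original post and is not Microsoft's implementation. It assumes port 1723 means TCP and GRE means IP protocol 47; the addresses and packets are constructed sample data.

```python
import struct

PPTP_CONTROL_PORT = 1723            # TCP destination port named in the reply
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47

def build_ipv4(proto, src, dst, payload):
    """Constructed test data: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    addr = lambda s: bytes(int(octet) for octet in s.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, addr(src), addr(dst))
    return header + payload

def ports(sport, dport):
    """First four bytes of a TCP or UDP header: source and destination port."""
    return struct.pack("!HH", sport, dport)

def pptp_filter(packet):
    """Return (allowed, label). Only GRE and TCP to port 1723 are allowed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return False, "malformed"
    proto = packet[9]
    if proto == IPPROTO_GRE:
        return True, "GRE"
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return False, f"proto {proto}"
    name = "TCP" if proto == IPPROTO_TCP else "UDP"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset or len(packet) < ihl + 4:
        return False, f"{name} without ports"   # later fragment or truncated header
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return (proto == IPPROTO_TCP and dport == PPTP_CONTROL_PORT), f"{name}/{dport}"

# Constructed sample traffic between a remote client and a PPTP server
# (addresses are from the documentation range 192.0.2.0/24).
SAMPLES = [
    build_ipv4(IPPROTO_TCP, "192.0.2.10", "192.0.2.1", ports(1045, 1723)),    # PPTP control
    build_ipv4(IPPROTO_GRE, "192.0.2.10", "192.0.2.1", b"\x30\x01\x88\x0b"),  # tunnel data
    build_ipv4(IPPROTO_UDP, "192.0.2.10", "192.0.2.1", ports(137, 137)),      # NetBIOS name service
    build_ipv4(IPPROTO_TCP, "192.0.2.10", "192.0.2.1", ports(1046, 139)),     # NetBIOS session
]

def run_samples():
    return [pptp_filter(p) for p in SAMPLES]

if __name__ == "__main__":
    for allowed, label in run_samples():
        print(f"{'PASS' if allowed else 'DROP'}  {label}")
```

With this policy the UDP port 137 datagrams discussed in the quoted advisory are dropped at the server, while the PPTP control connection and the GRE tunnel still pass.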
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:31 PDT