On Wed, 2004-02-11 at 14:19, James D. Stallard wrote:
> 1. Which is the better tunnelling protocol in terms of security and
> functionality, L2TP or PPTP, and why?

L2TP is superior simply because there have been a few papers written
about flaws in the PPTP protocol which weaken its effectiveness
severely. If possible, it would be best to disable PPTP completely and
use L2TP exclusively.

> 2. Is the community aware of any exploits that could be levelled against the
> firewall with the following ports opened to support VPNs?
>
> L2TP requires: Protocol 50, UDP 4500, UDP 500
> PPTP requires: Protocol 47, TCP 1723

That depends. Is the following your firewall?

> ------------------------------------------------------------------------
---
> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.astaro.com/php/contact/securityfocus.php
> ------------------------------------------------------------------------
---

If so, then there are no known exploits which use those attack vectors.

--
Chris Gianelloni
Systems Administrator
IT Infrastructure and Support Lead
Conso International
(864) 427-9004 x 2748

[ reply ]