On Wed, 15 Sep 2004 10:40:07 -0500, +Alan Hicks+ wrote:
> Thought I'd document this here as it's likely to be of use to other
> people building a VPN server for Windows XP clients.

Arrrrrr, me bucko, this be a good subject t' bring up on International
Talk Like A Pirate Day! Well, ye brought it up whilst me schooner was
out t'sea, but I gets to it today!

I've not sailed it on Winders, mind ye, but openvpn works smartly fer
me an me hearties! PPTP is a scurvy bilge rat, arrrrrr. Weigh anchor
an' hoist the Jolly Roger!

Ere ye have any troubles with openvpn, its cap'n will snap to the fix,
me matey. An it be free software, a-sailin' th' sevens seas without
worry o'privateers, such as the fearsome lads from Redmond! MPPE, that
"M" be a-standin' fer Microsoft, me bucko!

When ye has t' say "Microsoft" an' "encryption" in the same breath, me
lad, ye know ye be saying somethin' wrong! It be like givin' yer
treasure map an' th' keys t' yer chest t' old Blackbeard 'imself! Aye,
he'll keep it safe fer ye! Arrrrrr!

> Setting up pptppd on Slackware 10.0

If i'd known ye was crossin' yer cutlass with PPTP/MPPE, me matey,
I'd'a sailed up an' helped ye. Avast that scurvy Ivan, arrrrr!
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, /dev/rob0 dared to utter,
> Arrrrrr, me bucko, this be a good subject t' bring up on International
> Talk Like A Pirate Day! Well, ye brought it up whilst me schooner was
> out t'sea, but I gets to it today!

Ye crazy ole bilge rat! Even I thought ye knowed better than be sailin'
ye ship right straight into a storm like that 'un!

> I've not sailed it on Winders, mind ye, but openvpn works smartly fer
> me an me hearties! PPTP is a scurvy bilge rat, arrrrrr.

Arrr! That may be so, but it works, and I'll take me a chest fulla
silver on me ship than some chest fulla gold in the sand on some
island, with a worn and burned up map ta show me the way!

> Weigh anchor
> an' hoist the Jolly Roger!

Eye-eye, Captain! I'll have the colors flyin' before ye c'n say PPTPD.

> Ere ye have any troubles with openvpn, its cap'n will snap to the fix,
> me matey. An it be free software, a-sailin' th' sevens seas without
> worry o'privateers, such as the fearsome lads from Redmond! MPPE, that
> "M" be a-standin' fer Microsoft, me bucko!

Captain Hicks has no fear o' privateers matey! As the Good Book says,
an' yea though I walk through the valley of the shadow of death I will
fear no evil, for me an' me mates be the baddest and the meanest in the
whole damn valley! ARRR!

> When ye has t' say "Microsoft" an' "encryption" in the same breath, me
> lad, ye know ye be saying somethin' wrong! It be like givin' yer
> treasure map an' th' keys t' yer chest t' old Blackbeard 'imself! Aye,
> he'll keep it safe fer ye! Arrrrrr!

Aye, 'tis true, 'tie true, but when ye werkin' with land-lubbers ye
gots ta make things easy on 'em. Besides, I be the one takin' the
treasure! Arrrr!

> If i'd known ye was crossin' yer cutlass with PPTP/MPPE, me matey,
> I'd'a sailed up an' helped ye. Avast that scurvy Ivan, arrrrr!

Arrr! Me an' me mateys handled it all fine. I've got me the best
schooner in all the seven seas. A beauty o' a ship she be, and handled
that scurvy bilge rat Ivan like a toddler still nursin' on 'is mudder's
teet! We whooped 'im good an' broke up his arse along the shore!

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBTaRzlKR45I6cfKARAn2hAJwONqN5rFZGk06a2EBN6L ls6T4LdgCfTF28
QrgdYUcouRamIDTzS+4AFzw=
=rlUY
-----END PGP SIGNATURE-----

pgp trash troll delete

Hicks, Alan
188 Shady Dale Dr
Lizella, GA 31052
478-935-8132

+Alan Hicks+ <alan@lizella.network> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In alt.os.linux.slackware, /dev/rob0 dared to utter,
>> Arrrrrr, me bucko, this be a good subject t' bring up on International
>> Talk Like A Pirate Day! Well, ye brought it up whilst me schooner was
>> out t'sea, but I gets to it today!
>
> Ye crazy ole bilge rat! Even I thought ye knowed better than be sailin'
> ye ship right straight into a storm like that 'un!
>
>> I've not sailed it on Winders, mind ye, but openvpn works smartly fer
>> me an me hearties! PPTP is a scurvy bilge rat, arrrrrr.
>
> Arrr! That may be so, but it works, and I'll take me a chest fulla
> silver on me ship than some chest fulla gold in the sand on some
> island, with a worn and burned up map ta show me the way!
>
>> Weigh anchor
>> an' hoist the Jolly Roger!
>
> Eye-eye, Captain! I'll have the colors flyin' before ye c'n say PPTPD.
>
>> Ere ye have any troubles with openvpn, its cap'n will snap to the fix,
>> me matey. An it be free software, a-sailin' th' sevens seas without
>> worry o'privateers, such as the fearsome lads from Redmond! MPPE, that
>> "M" be a-standin' fer Microsoft, me bucko!
>
> Captain Hicks has no fear o' privateers matey! As the Good Book says,
> an' yea though I walk through the valley of the shadow of death I will
> fear no evil, for me an' me mates be the baddest and the meanest in the
> whole damn valley! ARRR!
>
>> When ye has t' say "Microsoft" an' "encryption" in the same breath, me
>> lad, ye know ye be saying somethin' wrong! It be like givin' yer
>> treasure map an' th' keys t' yer chest t' old Blackbeard 'imself! Aye,
>> he'll keep it safe fer ye! Arrrrrr!
>
> Aye, 'tis true, 'tie true, but when ye werkin' with land-lubbers ye
> gots ta make things easy on 'em. Besides, I be the one takin' the
> treasure! Arrrr!
>
>> If i'd known ye was crossin' yer cutlass with PPTP/MPPE, me matey,
>> I'd'a sailed up an' helped ye. Avast that scurvy Ivan, arrrrr!
>
> Arrr! Me an' me mateys handled it all fine. I've got me the best
> schooner in all the seven seas. A beauty o' a ship she be, and handled
> that scurvy bilge rat Ivan like a toddler still nursin' on 'is mudder's
> teet! We whooped 'im good an' broke up his arse along the shore!
>
> - --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFBTaRzlKR45I6cfKARAn2hAJwONqN5rFZGk06a2EBN6L ls6T4LdgCfTF28
> QrgdYUcouRamIDTzS+4AFzw=
> =rlUY
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, +Alan Hicks+ dared to utter,
> http://enterprisesecurity.symantec.c...m?ProductID=63
>
> If you're looking at using one of these things, here's my honest
> opinion. Save your time and energy. The monetary savings you _might_
> see from using one of these pales in comparison to the possible
> troubles.

Just thought I'd post this nice little e-mail I just pulled down from
bugtraq regaurding these products.

- ----------------------------------------------------------------------

From: "Mike Sues" <msues@rigelksecurity.com>
Date: September 22, 2004 2:50:12 PM EDT
To: <bugtraq@securityfocus.com>, <firewalls@securityfocus.com>,
<pen-test@securityfocus.com>, <vuln-dev@securityfocus.com>
Subject: Multiple Vulnerabilities in Symantec Enterprise
Firewall/Gateway Security Products



Rigel Kent Security & Advisory Services Inc
http://www.rigelksecurity.com

Advisory # RK-001-04

Mike Sues
September 22, 2004


"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products"


Platform : Symantec Enterprise Firewall/VPN Appliances
100, 200, 200R
Symantec Gateway Security 320
Symantec Gateway Security 320, 360, 360R

Version : 100, 200, 200R
Prior to firmware build 1.63
320, 360, 360R
Prior to build 622

Configuration : Default


Abstract:
========

Three high-risk vulnerabilities have been identified in the Symantec
Enterprise Firewall products and two in the Gateway products. All are
remotely exploitable and allow an attacker to perform a denial of service
attack against the firewall, identify active services in the WAN interface
and exploit one of these services to collect and alter the firewall or
gateway's configuration.


Vulnerabilities:
===============


Issue RK-001-04-01:
Denial of service caused by a fast UDP port scan
Severity:
High
Description:
A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
interface of the firewall will cause the firewall to lock up and stop
responding. Turning the power off and on will reset the firewall.

The Gateway Security products are not affected by this issue.
Countermeasure:
Install firmware build 1.63



Issue RK-001-04-02:
Filter bypass on WAN interface
Severity:
High
Description:
A UDP port scan against the WAN interface of the firewall from a source
port of UDP 53 bypasses filter on WAN interface and exposes the following
active services,

tftpd
snmpd
isakmp

All other ports are reported as closed.
Countermeasure:
100, 200, 200R
Install firmware build 1.63
320, 360, 360R
Install firmware build 622



Issue RK-001-04-03:
Default read/write community string on SNMP service
Severity:
High
Description:
The default read/write community string used by the firewall is public,
allowing an attacker to collect and alter the firewall's configuration.
By combining this with RK-001-04-02, an attacker is able to exploit this
against the WAN interface by sending SNMP GET/SET requests whose source
port is UDP 53.

Moreover, the administrative interface for the firewall does not allow the
operator to disable the service nor change the community strings.
Countermeasure:
100, 200, 200R
Install firmware build 1.63
320, 360, 360R
Install firmware build 622


Credits:
=======

Rigel Kent Security & Advisory Services would like to thank Symantec for
their prompt response and action.

- ----------------------------------------------------------------------

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBUsjslKR45I6cfKARAhz3AJ0Yjyfda7E5HSGDY1a0kE dJ4eQnWQCcDJld
EnI9v2jalLeZXPn2OpQa5JQ=
=Smst
-----END PGP SIGNATURE-----

pgp trash troll delete

Hicks, Alan
188 Shady Dale Dr
Lizella, GA 31052
478-935-8132

+Alan Hicks+ <alan@lizella.network> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In alt.os.linux.slackware, +Alan Hicks+ dared to utter,
>> http://enterprisesecurity.symantec.c...m?ProductID=63
>>
>> If you're looking at using one of these things, here's my honest
>> opinion. Save your time and energy. The monetary savings you _might_
>> see from using one of these pales in comparison to the possible
>> troubles.
>
> Just thought I'd post this nice little e-mail I just pulled down from
> bugtraq regaurding these products.
>
> - ----------------------------------------------------------------------
>
> From: "Mike Sues" <msues@rigelksecurity.com>
> Date: September 22, 2004 2:50:12 PM EDT
> To: <bugtraq@securityfocus.com>, <firewalls@securityfocus.com>,
> <pen-test@securityfocus.com>, <vuln-dev@securityfocus.com>
> Subject: Multiple Vulnerabilities in Symantec Enterprise
> Firewall/Gateway Security Products
>
>
>
> Rigel Kent Security & Advisory Services Inc
> http://www.rigelksecurity.com
>
> Advisory # RK-001-04
>
> Mike Sues
> September 22, 2004
>
>
> "Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products"
>
>
> Platform : Symantec Enterprise Firewall/VPN Appliances
> 100, 200, 200R
> Symantec Gateway Security 320
> Symantec Gateway Security 320, 360, 360R
>
> Version : 100, 200, 200R
> Prior to firmware build 1.63
> 320, 360, 360R
> Prior to build 622
>
> Configuration : Default
>
>
> Abstract:
> ========
>
> Three high-risk vulnerabilities have been identified in the Symantec
> Enterprise Firewall products and two in the Gateway products. All are
> remotely exploitable and allow an attacker to perform a denial of service
> attack against the firewall, identify active services in the WAN interface
> and exploit one of these services to collect and alter the firewall or
> gateway's configuration.
>
>
> Vulnerabilities:
> ===============
>
>
> Issue RK-001-04-01:
> Denial of service caused by a fast UDP port scan
> Severity:
> High
> Description:
> A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
> interface of the firewall will cause the firewall to lock up and stop
> responding. Turning the power off and on will reset the firewall.
>
> The Gateway Security products are not affected by this issue.
> Countermeasure:
> Install firmware build 1.63
>
>
>
> Issue RK-001-04-02:
> Filter bypass on WAN interface
> Severity:
> High
> Description:
> A UDP port scan against the WAN interface of the firewall from a source
> port of UDP 53 bypasses filter on WAN interface and exposes the following
> active services,
>
> tftpd
> snmpd
> isakmp
>
> All other ports are reported as closed.
> Countermeasure:
> 100, 200, 200R
> Install firmware build 1.63
> 320, 360, 360R
> Install firmware build 622
>
>
>
> Issue RK-001-04-03:
> Default read/write community string on SNMP service
> Severity:
> High
> Description:
> The default read/write community string used by the firewall is public,
> allowing an attacker to collect and alter the firewall's configuration.
> By combining this with RK-001-04-02, an attacker is able to exploit this
> against the WAN interface by sending SNMP GET/SET requests whose source
> port is UDP 53.
>
> Moreover, the administrative interface for the firewall does not allow the
> operator to disable the service nor change the community strings.
> Countermeasure:
> 100, 200, 200R
> Install firmware build 1.63
> 320, 360, 360R
> Install firmware build 622
>
>
> Credits:
> =======
>
> Rigel Kent Security & Advisory Services would like to thank Symantec for
> their prompt response and action.
>
> - ----------------------------------------------------------------------
>
> - --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFBUsjslKR45I6cfKARAhz3AJ0Yjyfda7E5HSGDY1a0kE dJ4eQnWQCcDJld
> EnI9v2jalLeZXPn2OpQa5JQ=
> =Smst
> -----END PGP SIGNATURE-----