Message-ID: <45ADE03F.2030204@altlinux.ru>
Date: Wed, 17 Jan 2007 10:37:19 +0200
From: Andrei Bulava
To: ALT Linux sysadmin discuss
References: <200701132223.34364.a_s_y@sama.ru> <45ABA38A.9070301@altlinux.ru> <200701161232.47993.dnsmaster@yandex.ru> <20070117081158.GA10645@work.nowhere.kiev.ua>
In-Reply-To: <20070117081158.GA10645@work.nowhere.kiev.ua>
Subject: Re: [Sysadmins] vpn server and windows client

Sergey V Kovalyov wrote:
> On Tue, Jan 16, 2007 at 12:32:47PM +0300, ABATAPA wrote:
>
>>> God save you from pptp. Not only is security there lame by
>>> design (see http://www.schneier.com/paper-pptpv2.html ), there is also
>>> the weak compatibility of GRE encapsulation with iptables SNAT/MASQUERADE
>>> (a limit on the number of pptp clients working through a gateway with
>>> SNAT/MASQUERADE: 1 at a time).
>> Strange, how does it work then? :)
>> I know quite a few examples...
>
> I think there was an unofficial module for connection tracking.

conntrack_pptp, which is absent from ALM 2.4 and CentOS 4. For some stern
men who are not inclined to rebuild kernels, let alone iptables, on their
own, that is exactly what "weak compatibility of GRE encapsulation with
iptables SNAT/MASQUERADE" means. I did not say "complete lack of
compatibility", did I?

Choosing a distro based on conntrack_pptp support is not my style.
Especially since, see point 1, "security there is lame".

Dig in the direction of what the vendor itself advises:

When Joshua Wright reported this to Microsoft's official security
response team, Microsoft gave this official response.

* Implement and enforce a strong password policy.
* If users wish to continue using PPTP, they should employ EAP-TLS
  authentication instead of the default MSCHAPv2 authentication mechanism.
* Switch to an L2TP/IPSEC based VPN.

-- 
// AB1002-UANIC
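
The one-client limit discussed in this message, as an added example that is not part of the original e-mail and is not netfilter code: GRE has no ports, so a masquerading gateway without a PPTP helper can only key replies on addresses, while the Call ID in the enhanced GRE header (RFC 2637) is what lets a helper tell tunnels apart. The `Masquerade` class, the addresses and the Call IDs are constructed for illustration, and the model assumes both clients connect to the same PPTP server.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # enhanced GRE carrying PPP (RFC 2637)

def build_gre(call_id, payload=b"\x00"):
    """Constructed sample: enhanced GRE header with K and S bits, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(payload), call_id, 1) + payload

def parse_call_id(gre):
    """Return the Call ID field of a PPTP enhanced GRE packet."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPTP_GRE_PROTO:
        raise ValueError("not a PPTP enhanced GRE packet")
    return call_id

class Masquerade:
    """Toy reply table for a masquerading gateway (hypothetical model).

    by_call_id=False: GRE tracked by addresses only (no PPTP helper).
    by_call_id=True:  the Call ID is part of the key, as a helper allows.
    """
    def __init__(self, by_call_id):
        self.by_call_id = by_call_id
        self.replies = {}  # reply key -> inside client address

    def _key(self, server, call_id):
        return (server, call_id) if self.by_call_id else (server,)

    def open_tunnel(self, client, server, call_id):
        """Record an outbound tunnel; False when its reply key is already owned."""
        key = self._key(server, call_id)
        if self.replies.setdefault(key, client) != client:
            return False  # replies would be indistinguishable after SNAT
        return True

    def route_reply(self, server, gre):
        """Inside client that a GRE packet from `server` belongs to, or None."""
        return self.replies.get(self._key(server, parse_call_id(gre)))

def demo():
    server = "203.0.113.5"                    # constructed addresses
    a, b = "192.168.0.10", "192.168.0.11"
    plain, helper = Masquerade(False), Masquerade(True)
    return {
        "plain": [plain.open_tunnel(a, server, 100), plain.open_tunnel(b, server, 200)],
        "helper": [helper.open_tunnel(a, server, 100), helper.open_tunnel(b, server, 200)],
        "reply_200": helper.route_reply(server, build_gre(200)),
    }
```

A real helper also rewrites Call IDs when two inside clients pick the same value; this model simply refuses the second tunnel in that case.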