Q: THC PPTP Bruter

Once again – another security question from our readers to the security experts who read this blog:

I ran across your site looking for information regarding the security of PPTP. I then found the PPTP bruter program from THC. I am a small business owner. I am a VAR (value added reseller) of POS (point of sale) equipment. My POS equipment is usually windows PC’s running POS software. I install a SOHO router that is also a PPTP endpoint so I can VPN in and remotely administrator my clients systems.

I’m trying to find out how easy it would be for someone to hack my PPTP endpoint. Can you help me figure out how to test my router?


K. L.

  • http://xenomuta.tuxfamily.org/ XenoMuta

    Dear writer…

    Use of PPTP has been dis-encouraged by many security specialist for it has been subject of many weaknesses.

    PPTP has many unencrypted control packets that could be spoofed with ease.

    If you want to find out how easy would it be for someone to hack your PPTP endpoint, this depends on a series of additional elements of the PPTP solution:
    - What type of authentication do you use? MSCHAPv2 ? EAP/TLS ?
    - How many bytes long is your password (8 or less is very insecure)

    If an attacker manages to somehow capture initial packets is just a matter of minutes (with a good Rainbow Table) to crack the 16 bits challenge and password hash.
    An attacker determined to break in could try brute forcing your endpoint doing about 19 million password tries per hour.

    Anyway, an attacker’s approach wouldn’t necessarily be the PPTP endpoint, when he could rather try compromising the router’s CLI or Web GUI instead.

    If you really want to test your router’s PPTP endpoint strength, you could do so by brute forcing the endpoint with a good dictionary file mixing it with numbers, maybe l33tsp3ak , etc…

  • dmitryc

    imo, you don’t want to just test the PPTP. You should test the entire SOHO router setup.

  • Volker

    Why not use a SOHO router that is capable of IPsec or OpenVPN? The cheapest ones are only marginally more expensive than standard SOHO routers – but the VPN system is much harder to crack.

    If you are willing to invest a little into more you could install a firewall-system (PC with two ethernet cards with installed linux/BSD firewall distribution – starting at 140 EUR for a brand new PC nowadays, or at 40 EUR for a refurbished one) which will be much better in performance, security and capabilities – and often even in terms of usability.