dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5096
share rss forum feed

HD5830Gamer

join:2012-08-14

PPTP vs L2PT vs OPENVPN for defeating Internet censorship.

Hey guys i have a PPTP VPN, It is private not paid but is PPTP 128-bit good enough for Defeating Deep Packet Inspection? or do it need something like 256-bit AES or 1024-bit? Been wondering this for awhile. Since PPTP is old but the VPN is private only me and my friend has access to it and he owns the server.

It is also slow as F--k.

HELLFIRE
Premium
join:2009-11-25
kudos:18
PPTP / MS-CHAP is a joke from a security perspective -- see here.

Just like WEP, you really should put PPTP out to pasture and use something better.

My 00000010bits

Regards


eibgrad

join:2010-03-15
reply to HD5830Gamer
PPTP and WEP illustrate one very important point when it comes to security, and encryption in particular; you can never trust it to individuals, individual/private companies, or even standards committees. It *must* be open to analysis and the critique of EVERYONE! Or else you invariably end up w/ flaws and vulnerabilities.

HD5830Gamer

join:2012-08-14
Is PPTP enough to stop ISP monitoring?


eibgrad

join:2010-03-15
reply to HD5830Gamer
^^ Should be, if only because no ISP is going to put out any effort to crack it. They're typically just going to filter the open protocols when available and blow the rest off. Imagine the overhead and cost of trying to deal w/ all those encrypted sessions if they decided otherwise. Insane, not gonna happen.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to HD5830Gamer
Depends on a) how determined the ISP (or monitoring party) is, and b) how paranoid you are.

If you REALLY don't want anyone getting at that data, I'd ditch PPTP, bar none.

Regards

HD5830Gamer

join:2012-08-14
What VPN do you guys use then?

What VPN is good, what service? cost Isn't an issue.

Like on an ISP mainframe is there like a screen they look at that says what you been doing? i kinda wanna see what it looks like.

HarryH3
Premium
join:2005-02-21
kudos:3
Reviews:
·Suddenlink
reply to eibgrad
said by eibgrad:

^^ Should be, if only because no ISP is going to put out any effort to crack it. They're typically just going to filter the open protocols when available and blow the rest off. Imagine the overhead and cost of trying to deal w/ all those encrypted sessions if they decided otherwise. Insane, not gonna happen.

You may want to take a few minutes and read this:

»arstechnica.com/information-tech···ce-tech/
It's getting easier to track everything with each passing day.


F430

@qwest.net
reply to HD5830Gamer
quote:
Like on an ISP mainframe is there like a screen they look at that says what you been doing?
Don't know what you mean by "IPS mainframe" but there are a number of commercial devices which inspect, analyze and capture network traffic. The results are presented in many forms and used for many purposes. In the US and I suspect many other areas of the world it is often driven by money - an ISP wants to target ads or search engine results, a content provider wants to offer similar content so you will be more likely to purchase, etc. Unless there is a way to profit from it ISPs generally do not monitor network traffic.

Other entities do the same inspection for different reasons.

A while ago I worked for a company which was tasked with building boxes to analyze encrypted traffic - not decrypt it but just analyze it. It got to the point that our boxes could determine whether the traffic we were looking at was a user viewing a web page, was a user downloading a file and what the likely type of content was being downloaded, was sending or receiving email, etc. Of course the contents were encrypted so it was not possible to see the actual user data. VPN algorithms have gotten more sophisticated in order to counter this type of analysis but the boxes have also gotten better.

Bottom line. As an ordinary user pretty much no one cares about what you do except to target ads. Do something of high value and there are some really good tools people can use to get a good idea of what you are doing.

quote:
What VPN do you guys use then?
IPSec. It is harder to do a man-in-the-middle attack against IPSec and it has some builtin techniques to make analysis of the encrypted traffic harder.

HD5830Gamer

join:2012-08-14
reply to eibgrad
I didn't quite get what you mean by a VPN being open to analysis. You mean being studied? I thought PPTP has been replaced. Dunno why VPN providers still use it when L2TP is better and L2TP will work on phones too.

HELLFIRE
Premium
join:2009-11-25
kudos:18
said by HD5830Gamer:

Dunno why VPN providers still use it when L2TP is better and L2TP will work on phones too.

Just like why things like the BIOS, 3.5" floppy and DSUB video connectors refuse to die -- they're lowest common denominator.
Everyone can use them.

Regards

HD5830Gamer

join:2012-08-14
I read up they're going to remove the BIOS and they still haven't done it in the new PCI express 3.0 motherboards!

Maybe the BIOS is still there for Overclockers.

As for PPTP i think It's just easier to setup is the reason it still exists. PPTP can be secure ONLY if you know what you're doing and It still has flaws.

I also heard SSTP beats OpenVPN by a mile. That's why governments use SSTP instead of OpenVPN right?


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
Actually OpenVPN is a Cert Based SSL and it's quite safe since you can create your own certs and deploy them this way you can make sure your traffic is secure to the server, but not sure the purpose since who ever wants to watch your traffic they just have to capture the clear data from the server out...

you may be better off using Tor or HTTPS Everywhere from EFF...
»www.eff.org/https-everywhere
»www.torproject.org/

SSTP is a MS thing and I won't trust that, OpenVPN is open

HD5830Gamer

join:2012-08-14
I will not use Tor or that HTTPS thing. For 1 none hide your IP in MP games, only a VPN can do such a thing.

2. I don't want to browse with missing content. No Tor for me. OpenVPN with multi Hoping is probably the best bet.

BestService

join:2012-12-12
reply to HD5830Gamer
I would suggest OpenVPN if you are paranoid about security.