Re: PPTP (or GRE) Guru needed !!

[Brand Arnaud <arnaud@sites.mine.nu>]

Thanks Daniel, more usefull than dreamwvr's try.
Thaks anyway dreamwvr, but you know, I can read.
When I post a question, that's because I didn't find
anything out and its starts to bore me to test day
and night. If you have better sources than mine
please tell me, I will then avoid boring people with
my questions. Thanks.


At 11/01/2002 20:17  ( Friday ), you wrote:
>===== Original Message from Brand Arnaud <arnaud@sites.mine.nu> at 11-1-2002
>19:37
> >2)Can I filter on it (i've seen that I need the current sources
> >and have a quick fix for the ps proc size mismatch)
> >
>You can filter on anything you like.

I meant on GRE. I remember someone said on this list or tech, I
not sure anymore that GRE was only supported by the -current pf


> >3) Won't it make problems to dial out ? or better said
> >are the dial-out packets encapsulated in GRE too
> >or are they coded in another proto ?
> >
>You should do the filtering on ppp0. You may be able to do 'some' useful
>filtering on rl1 but I'm not sure what you'd want to filter there.
>Daniel

Filtering on ppp0 is already on (I just turned it off to test if I could 
filter GRE)
I saw a month ago a site that told (don't remember the url sorry)
that under certain conditions a cracker could take (total) control over
your modem (by uploading new firmware into your modem and some
other easier ways).
I was just asking me if he couldn't then exploit some mysterious prob
that would be on the iface when pptp is running.
Then, it would be great to do some filtering on rl1, and it would be
quite usefull.
In fact, even if it's improbable that someone takes control over the
modem, the ethernet card only serves for him, when there's only gre
going over that link, why not filter on it and keeping state ?

Because I wasn't sure of it, that's why I'm rebuilding a new kernel....

I'll tell you out of the list if you want

Regards

Arnaud