| VID |
13010 |
| Severity |
30 |
| Port |
1701 |
| Protocol |
UDP |
| Class |
L2TP |
| Detailed Description |
The L2TP(Layer 2 Tunneling Protocol) service is running.
L2TP(Layer 2 Tunneling Protocol), endorsed by Cisco, is an extension to the PPTP(Point-to-Point Tunneling Protocol) protocol, used by a ISP(Internet service Provider) to enable the operation of a VPN(Virtual Private Network) over the public line(internet). It combines the Cisco's L2F(Layer 2 Forwarding) protocol and Microsoft's PPTP(Point-to-Point Tunneling Protocol). The two main components that make up L2TP are the the L2TP Access Concentrator(LAC), which is the device that physically terminates a call and the L2TP Network Server(LNs), which is the device that terminates and possibly authenticates the PPP stream. Some vulnerabilities were reported in the L2TP service. For example, due to the rand() function of L2TP, a remote attackers can generate an appropriate response to a challenge to establish an authenticated tunnel with the L2TP endpoint. Thus, you should update the service to the latest version and filter the service port.
* Note: This checks by sending the "Start Control Connection Request" message to the 1701/UDP port.
* References:
http://www.securitytracker.com/alerts/2002/Aug/1005050.html
http://www.networksorcery.com/enp/protocol/l2tp.htm |
| Recommendation |
Update to the latest version and Filter the service port 1701/UDP using the firewall or the filtering software. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
