Comment 4 for bug 681617

hasardeur (mybrain) wrote :

Hello,
I have patched pptpclient-1.7.2, too. The main difference from the excellent patch of Ruslan is that here 'missing window' validation is disabled by default. The command line switch is implemented as laid out by Ruslan. After some discussion, colleagues of mine and I came to the conclusion that this validation check offers no benefit whatsoever. There are far more pressing security issues surrounding pptp in general and spoofing can't be detected reliably in this way. The 'missing window' approach does not detect bad packages either - in a nutshell: it is a bit arbitrary to say the least. Deactivating _might_ have the advantage of scalability when going 30mbit/s and beyond. A very rough estimate suggests that a range of 6000 packets in a .3 second window could be surpassed when 27mbit/s are reached (and something disturbs the force so to speak).