PPTP .

• PPTP

https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

Generic Routing Encapsulation Example uses

1 In conjunction with PPTP to create VPNs.


Network address translation SNAT

1 Microsoft's Secure network address translation (SNAT) is part of Microsoft's

Internet Security and Acceleration Server and is an extension to the NAT driver built into Microsoft Windows Server. It provides connection tracking and filtering for the

additional network connections needed for the FTP, ICMP, H.323, and PPTP protocols

as well as the ability to configure a transparent HTTP proxy server.


OSI model - Examples

1 5 Session ISO/IEC 8327, X.225, ISO/IEC 9548-1, X.235 Sockets.

Session establishment in TCP, RTP, PPTP ASP, ADSP, PAP

NWLink DLC? Named pipes, NetBIOS, SAP, half duplex, full duplex, simplex, RPC, SOCKS


Layer 2 Tunneling Protocol - History

1 Published in 1999 as proposed standard RFC 2661, L2TP has its

origins primarily in two older tunneling protocols for Point-to-Point

communication: Cisco's Layer 2 Forwarding Protocol (L2F) and

USRobotics Point-to-Point Tunneling Protocol (PPTP)


Layer 2 Tunneling Protocol - Implementations

1 Open source and Linux: xl2tpd, Linux RP-L2TP, OpenL2TP, l2tpns, l2tpd

(inactive), Linux L2TP/IPsec server, FreeBSD multi-link PPP daemon, OpenBSD npppd(8), ACCEL-PPP - PPTP/L2TP/PPPoE server for Linux


Layer 2 Tunneling Protocol - Internet standards and extensions

1 RFC 2637 Point-to-Point Tunneling Protocol

(PPTP) (a predecessor to L2TP)


Telecommunications in Syria - Internet censorship

1 Voice over Internet Protocol (VoIP) is blocked completely and requires a proxy or Virtual Private Network

(VPN) to work around it. However, VoIP operators that utilize non-

standard Session Initiation Protocol (SIP) ports may function behind

Syria's proxy. VPN Access using the Point-to-Point Tunneling Protocol

(PPTP) is also blocked.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

Virtual private network - Plaintext tunnels

1 Besides the GRE example above, native plaintext tunneling protocols include Layer 2 Tunneling Protocol

(L2TP) when it is set up without IPsec and Point-to-Point Tunneling Protocol

(PPTP) or Microsoft Point-to-Point Encryption (MPPE).


Virtual private network - Trusted delivery networks

1 Layer 2 Tunneling Protocol (L2TP) which is a standards-based

replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F)

(obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol

(PPTP).


Telecommunications in Algeria - Anonymous involvement

1 They also will require authorization for any type of Virtual Private Network (VPN) technology (for

example; PPTP, L2TP, GRE Tunneling, OpenVPN, and most other protocols

that allow you protect your information)


Point-to-Point Tunneling Protocol

1 The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP

packets.


Point-to-Point Tunneling Protocol

1 However, the most common PPTP implementation shipping with the

Microsoft Windows product families implements various levels of

authentication and encryption natively as standard features of the

Windows PPTP stack


Point-to-Point Tunneling Protocol - Specification

1 A specification for PPTP was published in July 1999 as RFC 2637

and was developed by a vendor consortium formed by Microsoft,

Ascend Communications (today part of Alcatel-Lucent), 3Com, and others.

PPTP has not been proposed nor ratified as a standard by the IETF.



1 A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is

then used to initiate and manage a second GRE tunnel to the same peer.



1 The PPTP GRE packet format is non standard, including an additional

acknowledgement field replacing the typical routing field in the GRE

header. However, as in a normal GRE connection, those modified GRE

packets are directly encapsulated into IP packets, and seen as IP

protocol number 47.


Point-to-Point Tunneling Protocol - Implementations

1 The Routing and Remote Access Service for Microsoft Windows contains a PPTP server



1 Windows Vista and later support the use of PEAP with PPTP. The authentication mechanisms supported are PEAPv0/EAP-

MSCHAPv2 (passwords) and PEAP-TLS (smartcards and certificates).

Windows Vista removed support for using the MSCHAP-v1 protocol to

authenticate remote access connections.



1 There is also ACCEL-PPP – PPTP/L2TP/PPPoE server for Linux which supports PPTP in

kernel-mode.



1 OS X and iOS are bundled with a PPTP client. Cisco and Efficient

Networks sell PPTP clients for older Mac OS releases. Palm PDA devices

with Wi-Fi are bundled with the Mergic PPTP client.



1 Many different Mobile phones with Android as the operating system support PPTP as well.


Point-to-Point Tunneling Protocol - Security

1 PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP

authentication protocols used, the design of the MPPE protocol as well as the integration between MPPE and PPP authentication for session key establishment. PPTP is (as of

October 2012) considered cryptographically broken and its use is no longer recommended

by Microsoft.


Point-to-Point Tunneling Protocol - Security

1 EAP-TLS is seen as the superior authentication choice for PPTP;

however, it requires implementation of a Public Key Infrastructure for both client and server certificates. As such

it is not a viable authentication option for many remote access

installations.


m0n0wall - Derivatives

1 m0n0wall mod: Original m0n0wall with additional features

(DHCP+PPTP, DHCP+PPPoE, static+PPPoE, L2TP, WAN eth

interface).


pfSense - Features

1 Virtual Private Networks using IPsec, L2TP, OpenVPN, or PPTP


Vyatta - Release History

1 4.0 April 2008 HistoricalGlendaleEureka 2.6.23 New CLI, PPTP and L2TP VPN servers, PPPoE

client, DHCP client, WAN load balancing, ECMP (Equal Cost

Multipath Routing), user roles. XORP replaced with quagga.


Point-to-point protocol - Derived protocols

1 PPTP is a form of PPP between two hosts via GRE using encryption (MPPE) and

compression (MPPC).


M0n0wall - Features

1 *IPsec and Point-to-point tunneling protocol|PPTP Virtual private network|VPNs


M0n0wall - Derivatives

1 * [http://code.google.com/p/m0n0wall-

mod/ m0n0wall mod]: Original m0n0wall with additional features

(DHCP+PPTP, DHCP+PPPoE, static+PPPoE, L2TP, WAN eth

interface).


VPN - Plaintext tunnels

1 Besides the GRE example above, native plaintext tunneling protocols include Layer 2 Tunneling Protocol|Layer 2 Tunneling Protocol (L2TP)

when it is set up without IPsec and Point-to-Point Tunneling Protocol|Point-to-Point Tunneling Protocol (PPTP) or Microsoft Point-to-Point

Encryption|Microsoft Point-to-Point Encryption (MPPE).


VPN - Trusted delivery networks

1 Valencia et al., May 1998 (obsolete ) and Microsoft's Point-to-Point

Tunneling Protocol (PPTP).[http://www.ietf.org/rfc/rfc2637.txt Point-to-Point Tunneling Protocol

(PPTP)], RFC 2637, K


Windows Mobile - Features

1 Windows Mobile support virtual

private networking (VPN) over PPTP

protocolhttps://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

OpenVZ - Limitations

1 OpenVZ is limited to the providing only some VPN technologies based

on PPP (such as PPTP/L2TP) and TUN/TAP. IPsec is supported inside

containers since kernel 2.6.32.


Windows 98 - Networking enhancements

1 Windows 98 Dial-Up Networking supports Point-to-Point Tunneling

Protocol|PPTP tunneling, support for ISDN adapters, multilink support, and

connection-time scripting to automate non-standard login

connections


Mentor Graphics - Products

1 ***Nucleus Point-to-Point Tunneling Protocol (PPTP)

software


EComStation - Version 1.1

1 Various other enhancements such as built-in support for PPPoE and PPtP

Internet connections were also provided.


Jornada (PDA) - Jornada 728

1 It runs on the Windows CE 3.0 based Handheld PC 2000 and contains a

slightly higher OS revision than the 710 or 720, providing the user with

native PPTP VPN functionality


Generic Routing Encapsulation - Example uses

1 * In conjunction with Point-to-point

tunneling protocol|PPTP to create VPNs.


Windows NT 4.0 Embedded - Features

1 The server editions of Windows NT 4.0 include Internet Information

Services 2.0, Microsoft FrontPage 1.1, Windows Media Services|NetShow Services, Remote Access Service (which includes a Point-to-Point

Tunneling Protocol|PPTP server for VPN functionality) and Multi-Protocol

Routing service


Windows NT 4.0 Embedded - Service packs

1 The service packs also added a multitude of new features such as newer versions of or improvements to Internet Information Services, public-key and certificate authority functionality, user accounts and user profile improvements, smart card support, improved symmetric multiprocessing (SMP) scalability, clustering capabilities, Component Object Model|COM support improvements, User Profile Disk Quotas,

Event Log service, Security Configuration Manager Microsoft Management Console|MMC snap-in, MS-CHAPv2 and NTLMv2, Server

Message Block|SMB packet signing, SYSKEY, Windows NT startup process|boot improvements, Windows Internet Naming Service|WINS improvements, Routing and Remote Access Service (RRAS), Point-to-Point Tunneling Protocol|PPTP, DCOM/HTTP tunneling improvements,

IGMPv2, Windows Management Instrumentation|WMI, Microsoft Active Accessibility|Active Accessibility and NTFS 3.0 support among others.[http://web.archive.org/web/19990117055557/http://www.microsoft.co

m/ntserver/nts/exec/overview/NT4SP4whatnew.asp What's New in Windows NT 4.0 Service Pack 4?]


Ciphertext-only attack

1 *Early versions of Microsoft's Point-to-point tunneling protocol|PPTP

virtual private network software used the same RC4 key for the sender and the receiver (later versions had other

problems). In any case where a stream cipher like RC4 is used twice

with the same key it is open to ciphertext-only attack. See: stream

cipher attackhttps://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

David A. Wagner

1 * 1999 Cryptanalysis of Microsoft's Point-to-point tunneling protocol|

PPTP tunnelling protocol (with Bruce Schneier and Peiter Zatko|Mudge).


Cryptographic engineering - Inherent zero-defect requirement

1 Examples: Netscape random bug found at UC Berkeley, Microsoft's

PPTP protocol implementation problems found by Schneier.


Comparison of firewalls - Non-Firewall extra features comparison

1 VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS,

IPsec, SSL/SSH.


ClearOS - Features

1 * Virtual private networking (IPSEC,

PPTP, OpenVPN)


L2TP - History

1 Published in 1999 as proposed standard RFC 2661, L2TP has its

origins primarily in two older tunneling protocols for Point-to-Point communication: Cisco Systems, Inc.|Cisco's Layer 2 Forwarding Protocol (L2F) and USRobotics Point-to-Point

Tunneling Protocol (PPTP)


Ipsectrace

1 Although its main purpose is to monitor ipsec traffic, ipsectrace can

be used to crack extra layers of security brought about by VPN

implementations of security such as ipsec and Secure Shell|SSH, whereas programs such as Anger, Deceit, and

Ettercap can be used to infiltrate PPTP security.


List of wireless router firmware projects - Minor projects

1 Supports captive portal, 802.1Q VLAN support, IPv6 support, stateful packet

filtering, NAT/PAT, DHCP, PPPoE/PPTP on WAN interface, IPsec VPN tunnels with support for hardware crypto cards and

mobile clients and certificates, PPTP VPN with RADIUS server support, static

routes, DHCP server/relay, SNMP agent, traffic shaper, Wake on LAN and firmware

upgrade in browser


PPTP

1 The 'Point-to-Point Tunneling Protocol' ('PPTP') is a method for implementing virtual private networks. PPTP uses a

control channel over Transmission Control Protocol|TCP and a Generic Routing

Encapsulation|GRE tunnel operating to encapsulate Point-to-Point Protocol|PPP

packets. PPTP is considered cryptographically broken and its use is no

longer recommended by Microsoft.


PPTP

1 A specification for PPTP was published in July 1999 as RFC

2637RFC 2637 and was developed by a vendor consortium formed by Microsoft, Ascend Communications

(today part of Alcatel-Lucent), 3Com, and others. PPTP has not been

proposed nor ratified as a standard by the IETF.


PPTP

1 A PPTP tunnel is instantiated by communication to the peer on

Transport Control Protocol|TCP port 1723. This TCP connection is then

used to initiate and manage a second Generic Routing

Encapsulation|GRE tunnel to the same peer.


PPTP - Implementations

1 Windows Vista and later support the use of Protected Extensible

Authentication Protocol|PEAP with PPTP. The authentication

mechanisms supported are PEAPv0/EAP-MSCHAPv2 (passwords)

and PEAP-TLS (smartcards and certificates). Windows Vista removed

support for using the MSCHAP-v1 protocol to authenticate remote

access connections.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html


1 OS X and iOS include a built-in PPTP client, and OS X Server includes a PPTP service. Cisco Systems|Cisco

and Efficient Networks sell PPTP clients for older Mac OS releases.



1 Many different Mobile phones with Android (operating system)|Android

as the operating system support PPTP as well.


PPTP - Security

1 * MS-CHAP|MSCHAP-v1 is fundamentally insecure. Tools exist to

trivially extract the NT Password hashes from a captured MSCHAP-v1

exchange.[http://www.schneier.com/paper-pptp.pdf Bruce Schneier,

Cryptanalysis of Microsoft's Point to Point Tunneling Protocol (PPTP)].


PPTP - Security

1 * When using MSCHAP-v1, MPPE uses the same RC4 session key for

encryption in both directions of the communication flow. This can be

cryptanalysed with standard methods by XORing the streams from

each direction together.[http://www.schneier.com/pa

per-pptpv2.pdf Bruce Schneier, Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-

CHAPv2), October 19 1999].


PPTP - Security

1 Extensible Authentication Protocol|EAP-TLS is seen as the superior authentication choice for PPTP;[http://technet.microsoft.com/en-us/library/cc739638%28WS.10%29.aspx

Choosing EAP-TLS or MS-CHAP v2 for User-Level Authentication], Microsoft TechNet,

March 28, 2003 however, it requires implementation of a Public Key Infrastructure

for both client and server certificates. As such it is not a viable authentication option

for many remote access installations.


Wireless security - Additions to WPAv1

1 However, this extra layer of security may also be cracked with tools such

as Anger, Deceit and Ettercap (computing)|Ettercap for PPTP; and ike-scan, IKEProbe, ipsectrace, and

IKEcrack for IPsec-connections.


Stephen Sondheim - Early career

1 Guare also commented that Bernstein's score, which was supposed to be light, was heavily influenced by

Bernstein's feeling he needed to make a major musical statement.Secrest,

Meryle.[http://books.google.com/books?id=ndlY6OTKM-sCpg=PA1188lpg=PA1188dq=john+guare+talks+about+stephen+sondheimsource=blots=XGVDMCyXT_sig=4CJyIAcW0y8WN4yrIWoPpTPkC8Qhl=ensa=Xei=zworT4nvEMmJgwfbvPHKDwved=0CDYQ6AEwBA#v=onepage

q=john%20guare%20talks%20about%20stephen%20sondheimf=false Chapter 10:Being Alive] Stephen

Sondheim: A Life (1998, 2011), (books.google.com), Vintage Books, ISBN 978-0-307-94684-3, pp.188–189


Password recovery - Prevention

1 Unfortunately, many common Network Protocols transmit

passwords in cleartext or use weak challenge/response schemes.

[http://www.schneier.com/paper-pptp.html Cryptanalysis of Microsoft's

Point-to-Point Tunneling Protocol]


Network address translator - SNAT

1 Microsoft's Secure network address translation (SNAT) is part of Microsoft's ISA Server|Internet Security and Acceleration

Server and is an extension to the NAT driver built into Microsoft Windows Server.

It provides connection tracking and filtering for the additional network connections

needed for the FTP, ICMP, H.323, and PPTP protocols as well as the ability to configure

a transparent HTTP proxy server.


Anonymizer - Protocol independent anonymizers

1 Protocol independence can be achieved by creating a Tunneling protocol|tunnel to an anonymizer. The technology to do so varies. Protocols used by anonymizer

services may include SOCKS, Point-to-point tunneling protocol|PPTP, or

OpenVPN.


Network access server - Examples

1 *An Internet service provider which provides network access via common modem or

modem-like devices (be it PSTN, DSL, cable modem|cable or GPRS/UMTS) can have one

or more NAS (network access server) devices which accept Point-to-Point

Protocol|PPP, PPPoE or PPTP connections, checking credentials and recording

accounting data via back-end RADIUS servers, and allowing users access through

that connection.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

SoftEther VPN - Full Ethernet Virtualization

1 Legacy VPN systems with L2TP, IPsec or PPTP can transmit only IPv4.

Because these VPN protocols can carry only the upper layer of equal or

more than layer-3. Contrariwise, SoftEther VPN can carry any packets which are equal or more than layer-2.


MS-CHAPv2

1 MS-CHAP is used as one authentication option in Microsoft's

implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with

RADIUS servers which are used for WiFi security using the Wi-Fi

Protected Access|WPA-Enterprise protocol. It is further used as the main authentication option of the

Protected Extensible Authentication Protocol (PEAP).


MS-CHAPv2 - Security Vulnerabilities and Cryptanalysis

1 * [http://www.schneier.com/paper-pptpv2.pdf Cryptanalysis of

Microsoft's PPTP Authentication Extensions (MS-CHAPv2)], co-written

by Bruce Schneier


MS-CHAPv2 - Security Vulnerabilities and Cryptanalysis

1 * [http://penguin-breeder.org/pptp/download/pptp_mschapv2.pdf Exploiting known security holes in Microsoft's

PPTP Authentication Extensions (MS-CHAPv2)], by Jochen Eisinger


Security and safety features new to Windows Vista - Other networking-related security features

1 * Windows Vista supports the use of Protected Extensible Authentication

Protocol|PEAP with Point-to-Point Tunneling Protocol|PPTP. The authentication mechanisms supported are PEAPv0/EAP-

MSCHAPv2 (passwords) and PEAP-TLS (smartcards and certificates).


Root squash - General

1 *Layer 2: Point-to-point tunneling protocol|PPTP


Randy Quaid - Application for Canadian refugee status

1 15, 2010][http://www.youtube.com/watch?v=ppTpSb_u7hAfeature=channel Randy Quaid Speaks To Vancouver

Media


IPREDator

1 On 12 August 2009, the beta testing invitations were sent out to those who

entered their email addresses into the beta signup form. Additionally, the homepage has changed to reflect the beta. The initially only used Point-to-point tunneling protocol|PPTP (supported natively in XP, Vista, Windows 7,

OS X and GNU/Linux through the use of PPTP-linux) to tunnel the connection through

servers (vpn.ipredator.se which resolves to multiple IP addresses) located in Sweden.


Internet in Israel - Connection specifications

1 Maximum speeds via the cable modem provider's (Hot) connection are 200Mbit/s down

and 5Mbit/s up over DOCSIS 3.0, a service started on October 21, 2009. All ADSL services require and use the Point-to-Point Protocol over

Ethernet|PPPoE protocol, and cable modem connections generally operate over DHCP. For

speed under 30Mbit/sec, a cable user can select to use Virtual private network|VPNs using the Point-to-point tunneling protocol|PPTP/Layer 2

Tunneling Protocol|L2TP protocol.


For More Information, Visit:

• https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

The Art of Servicehttps://store.theartofservice.com








PPTP .

Documents

Transcript of PPTP .