PPTP ports - secure communication protocol

PPTP (Point-to-Point Tunneling Protocol) is a protocol (a set of communication rules) that allows corporations to extend their own corporate network through private channels over the public Internet. With this method, the corporation uses the wide area network as one large local area network. The company does not need to lease its own lines for broadband communication, but can reliably use public networks. This type of connection is called a virtual private network (VPN).

PPTP ports - what are they?

Thanks to PPTP, which is an extension of the Point-to-Point Protocol (PPP), any PC user with PPP client support can use an Internet service provider (ISP) to connect securely to a server elsewhere (that is, via remote access). PPTP is one of the most likely proposals to form the basis of a new Internet Engineering Task Force (IETF) standard.


Technology Description

The specification was first presented to the public in July 1999 and was developed by Microsoft and Ascend Communications (today part of Alcatel-Lucent). PPTP has not been adopted and standardized by the Internet Engineering Task Force. A PPTP tunnel is set up by communicating with the peer over TCP port 1723. This TCP control connection is then used to initiate and manage a GRE tunnel to the same peer.

The PPTP GRE packet format is non-standard: it includes a new acknowledgement number field that replaces the typical routing field. However, as with a regular GRE connection, these modified GRE packets are encapsulated directly in IP packets and are identified as IP protocol number 47. The GRE tunnel is used to carry PPP packets. In the Microsoft implementation, tunneled PPP traffic can be authenticated using PAP, CHAP, or MS-CHAP v1/v2.
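To make the two-part structure above concrete (TCP 1723 for control, IP protocol 47 carrying PPTP's modified GRE with the acknowledgement field), here is an added example, written for this page and not taken from any PPTP implementation, that parses the GRE header of an IP protocol 47 packet, tells PPTP's "enhanced GRE" (version 1, protocol type 0x880B, key field split into payload length and call ID, optional sequence and acknowledgement numbers) apart from standard GRE, and reads the PPP protocol number of the tunneled frame. The sample packet bytes are constructed, not a real capture; the field layout follows RFC 2637 and RFC 2784, and the PPP protocol table is an illustrative subset.

```python
import struct

# Values from the page / RFC 2637 (PPTP) and RFC 2784 (standard GRE)
GRE_IP_PROTOCOL = 47            # IP protocol number that carries GRE
PPTP_CONTROL_PORT = 1723        # TCP port of the PPTP control connection
PPTP_GRE_VERSION = 1            # "enhanced GRE" version used by PPTP
PPP_PROTOCOL_TYPE = 0x880B      # GRE protocol type for tunneled PPP

# PPP protocol numbers worth recognising in a PPTP payload (illustrative subset)
PPP_PROTOCOLS = {
    0xC021: "LCP",
    0xC023: "PAP",
    0xC223: "CHAP (incl. MS-CHAP v1/v2)",
    0x8021: "IPCP",
    0x0021: "IPv4",
    0x00FD: "compressed datagram (MPPE/MPPC)",
}


def _u32(data: bytes, offset: int) -> int:
    """Read a big-endian 32-bit word, refusing truncated input."""
    if len(data) < offset + 4:
        raise ValueError("GRE header truncated")
    return struct.unpack("!I", data[offset:offset + 4])[0]


def parse_gre_header(data: bytes) -> dict:
    """Parse the GRE header at the start of `data` (the payload of an IP packet
    with protocol number 47) and report whether it is PPTP's enhanced GRE.

    Enhanced GRE layout (RFC 2637):
        C R K S s Recur A Flags Ver | Protocol Type (0x880B)
        Key: payload length (16 bits) | call ID (16 bits)
        Sequence number (present if S)
        Acknowledgment number (present if A) -- replaces the old routing field
    """
    if len(data) < 4:
        raise ValueError("GRE header truncated")
    flags, proto = struct.unpack("!HH", data[:4])
    hdr = {
        "checksum_present": bool(flags & 0x8000),   # C
        "routing_present": bool(flags & 0x4000),    # R
        "key_present": bool(flags & 0x2000),        # K
        "seq_present": bool(flags & 0x1000),        # S
        "ack_present": bool(flags & 0x0080),        # A (PPTP only)
        "version": flags & 0x7,
        "protocol": proto,
    }
    hdr["pptp"] = hdr["version"] == PPTP_GRE_VERSION and proto == PPP_PROTOCOL_TYPE
    offset = 4

    if hdr["pptp"]:
        # PPTP always carries the Key field, split into payload length and call ID.
        if not hdr["key_present"]:
            raise ValueError("PPTP GRE header without Key field")
        key = _u32(data, offset)
        hdr["payload_length"], hdr["call_id"] = key >> 16, key & 0xFFFF
        offset += 4
        for flag, name in (("seq_present", "sequence"), ("ack_present", "ack")):
            if hdr[flag]:
                hdr[name] = _u32(data, offset)
                offset += 4
        end = offset + hdr["payload_length"]
        if len(data) < end:
            raise ValueError("PPTP payload truncated")
        hdr["payload"] = data[offset:end]
    else:
        # Standard GRE (RFC 2784/2890): optional checksum word, key, sequence number.
        if hdr["checksum_present"] or hdr["routing_present"]:
            _u32(data, offset)           # checksum + reserved; only length-checked here
            offset += 4
        if hdr["key_present"]:
            hdr["key"] = _u32(data, offset)
            offset += 4
        if hdr["seq_present"]:
            hdr["sequence"] = _u32(data, offset)
            offset += 4
        hdr["payload"] = data[offset:]

    hdr["header_length"] = offset
    return hdr


def ppp_protocol(ppp_frame: bytes) -> int:
    """Return the PPP protocol number of the frame inside a PPTP GRE packet.
    Handles an optional 0xFF 0x03 address/control prefix and the compressed
    single-byte protocol field (the single byte is always odd)."""
    if ppp_frame[:2] == b"\xff\x03":
        ppp_frame = ppp_frame[2:]
    if not ppp_frame:
        raise ValueError("empty PPP frame")
    if ppp_frame[0] & 0x01:
        return ppp_frame[0]
    return struct.unpack("!H", ppp_frame[:2])[0]


# Constructed sample: a PPTP data packet carrying a CHAP frame (not a real capture).
SAMPLE_PPTP = bytes.fromhex(
    "3081880b"      # K=1 S=1 A=1 Ver=1, protocol type 0x880B
    "00061234"      # payload length 6, call ID 0x1234
    "00000001"      # sequence number 1
    "00000000"      # acknowledgment number 0
    "ff03c2230102"  # PPP: addr/ctrl, protocol 0xC223 (CHAP), code 1, id 2
)

if __name__ == "__main__":
    h = parse_gre_header(SAMPLE_PPTP)
    print("pptp:", h["pptp"], "call_id:", hex(h["call_id"]), "seq:", h["sequence"])
    print("tunneled PPP protocol:", PPP_PROTOCOLS.get(ppp_protocol(h["payload"]), "other"))
```

A monitoring rule built on this parser only needs two inputs: the TCP control connection on port 1723 and IP protocol 47 packets whose GRE header decodes as version 1 with protocol type 0x880B. Seeing protocol 0xC223 (CHAP) inside the payload is the cleartext MS-CHAP exchange that the rest of this article warns about.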


PPTP: which ports are the most secure?

PPTP has been the subject of many security analyses, and serious vulnerabilities have been identified in the protocol. They relate to the underlying PPP authentication protocols, the design of MPPE, and the integration between MPPE and PPP authentication for session key establishment.

PPTP has a number of known vulnerabilities. It is no longer considered secure, since the initial MS-CHAPv2 authentication can be cracked by breaking a single 56-bit DES key. It is susceptible to MITM attacks, in which an attacker can perform an offline attack to recover the RC4 key and decrypt traffic. PPTP is also vulnerable to bit-flipping attacks: an attacker can modify PPTP packets without detection. OpenVPN with AES encryption is a much safer choice.


Overview of the protocol's vulnerabilities

MS-CHAP-v1 is fundamentally insecure. There are well-known tools for trivially extracting NT password hashes from a captured MS-CHAP-v1 exchange.
With MS-CHAP-v1, MPPE uses the same RC4 session key to encrypt both directions of the communication flow. This can be cryptanalyzed by standard methods by XORing the streams from each direction together.
MS-CHAP-v2 is vulnerable to dictionary attacks on captured challenge-response packets. There are basic tools that complete this process quickly.

In 2012, an online service was also demonstrated that was able to decrypt an MS-CHAP-v2 MD4 passphrase in 23 hours. MPPE uses the RC4 stream cipher. There is no way to authenticate the ciphertext stream, and it is therefore vulnerable to a bit-flipping attack: an attacker can modify the stream in transit and flip individual bits to change the output stream without detection. These bit flips may be detected by the protocols themselves through checksums or other means.
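The two MPPE weaknesses described above (the same RC4 key used in both directions, and an unauthenticated stream cipher that lets flipped ciphertext bits flip the same plaintext bits) are properties of any stream cipher used this way, so they can be shown on a small scale. The following is an added example written for this page, not code from PPTP, MPPE or any VPN product: it contains a toy RC4 (RC4 is obsolete and appears here only because MPPE uses it), shows that XORing two ciphertexts encrypted under one key cancels the keystream, shows that a bit flip in the ciphertext lands in the plaintext undetected, and then shows the standard mitigation, a MAC over the ciphertext (HMAC-SHA256 here), which rejects the tampered message. All keys and messages are constructed values.

```python
import hashlib
import hmac


def rc4_keystream(key: bytes):
    """Generate the RC4 keystream byte by byte (toy implementation for
    illustration only; do not use RC4 in new designs)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric) by XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def same_key_both_directions(key: bytes, client_msg: bytes, server_msg: bytes) -> bytes:
    """Model MS-CHAP-v1 MPPE keying RC4 identically in both directions: XORing the
    two ciphertexts cancels the shared keystream and leaves client_msg XOR server_msg,
    with no key needed."""
    return xor_bytes(rc4(key, client_msg), rc4(key, server_msg))


def tamper(ciphertext: bytes, offset: int, mask: int) -> bytes:
    """Flip the bits selected by `mask` in one ciphertext byte. Against a bare stream
    cipher the same bits flip in the decrypted plaintext, which is the bit-flipping
    weakness described for MPPE."""
    out = bytearray(ciphertext)
    out[offset] ^= mask
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Mitigation: encrypt, then append an HMAC over the ciphertext."""
    ct = rc4(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the HMAC before decrypting; return None for any modified ciphertext."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return rc4(enc_key, ct)


if __name__ == "__main__":
    # Constructed session key and messages (not real MPPE material).
    key = b"constructed-session-key"
    msg = b"transfer 100 USD"
    ct = rc4(key, msg)
    pos = msg.index(b"1")
    print("bare RC4, one bit flipped :", rc4(key, tamper(ct, pos, 0x08)))
    print("key reuse leaks pt1^pt2   :", same_key_both_directions(key, b"hello", b"world").hex())
    blob = seal(key, b"constructed-mac-key", msg)
    print("MAC-protected, tampered   :", open_sealed(key, b"constructed-mac-key", tamper(blob, pos, 0x08)))
```

Flipping the 0x08 bit of the byte that encrypts "1" turns the decrypted amount into "900" with no error from the cipher; the same flip on the MAC-protected message is rejected before decryption. This is the gap the article points to when it says that the protocols themselves, not MPPE, are left to detect such modifications.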

EAP-TLS is considered the best authentication choice for PPTP. However, it requires a public key infrastructure for both client and server certificates, so it may not be a viable authentication option for some remote access installations.

Source: https://habr.com/ru/post/C23512/
