Microsoft pptp vpn vulnerabilities Exploits in Action


Overview of Protocol: PPTP (Point to Point Tunneling Protocol)



Download 2 Mb.
Pdf ko'rish
bet15/144
Sana16.01.2022
Hajmi2 Mb.
#372744
1   ...   11   12   13   14   15   16   17   18   ...   144
Bog'liq
microsoft-pptp-vpn-vulnerabilities-exploits-action 337

1.6 Overview of Protocol: PPTP (Point to Point Tunneling Protocol)
There are three key parts to the PPTP protocol.
The Control Connection over TCP (destination port is 1723, source 
1.
port can be any available port). THIS IS NOT AUTHENTICATED IN 
ANY WAY.
The IP tunnel used to transport GRE encapsulated packets (protocol 
2.
47 (note, this is not TCP or UDP PORT 47, but a specific, unique 
protocol).
The PPP packets that are encapsulated inside of the GRE tunnel 
3.
carried by IP. Note that only the DATA packets are encrypted (when 
encryption is actually used, which is left open to the implementer and 
not actually part of the PPTP RFC, only protocol numbers 0x21 
through 0xFA (just the data usually) would then be encrypted, this 
means all the other PPP traffic (for example LCP) would not be 
encrypted.
A tunnel must be established between each pair of systems (client and 
server) and a key that is included in the GRE packet header signifies which 
tunnel session a PPP packet is a member of.
The GRE header also contains:
Acknowledgment information

Sequencing information

The Control Connection (TCP port 1723) actually determines the data rate 
and traffic congestion actions based on information from the GRE headers.  The 
PPTP RFC does not itself specify which algorithms or technologies to use for 
congestion-control and flow-control (though some are suggested), that is left 
open to the implementer to determine, but using the information from the GRE 
headers as the data to act against for adjustments.
Each PPTP Control Connection message starts with an 8 octet fixed 
header with the following information contained within:
Total message length

Message type (either Control Message or Management Message)

“Magic Cookie” (a constant string of: “0x1A2B3C4D“)

Any loss of synchronization is supposed to result in closing the connection 
immediately.
Microsoft’s implementation of PPTP includes the following technologies:
IP

PPTP

0



Download 2 Mb.

Do'stlaringiz bilan baham:
1   ...   11   12   13   14   15   16   17   18   ...   144




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish