What is the vulnerability of PPTP?
PPTP is widely used as a VPN tunnel for enterprises that are using a private IP network that doesn't have a public IP address.
If there is no public IP address on the gateway of the private network, PPTP must be used to connect the terminal device(s) of the internal users from an external server. Because PPTP requires connection authentication (authentication mode=1), you can't use PPTP when there are a number of users and it is necessary to prevent an intruder from logging in through multiple connections. In addition, because PPTP can support only up to two layers of encryption (up to level 3 DES and AES) and up to 1024-bit encryption, the number of servers that can be used is limited and the possibility of a successful hacker attack is extremely high. I don't think it is a vulnerability when PPTP is used, but I think there is a great danger to users when VPN services are being used by large numbers of users. It is difficult for all of these terminals to access the same server at the same time because of PPTP's lack of scalability.
I agree with this. PPTP uses NAT/mapping between IP addresses in the NAT process. And if the firewall has a problem, the traffic also gets filtered.
As such, I think if there is a large volume of network traffic which needs to be processed, or when the firewall has a flaw, even if it can filter traffic, then network performance will be degraded significantly. PPTP lacks security, so it's best not to use it for workstations and servers. It's best to use IPSec or SSL for workstations and servers. Also, IPSec is more stable than PPTP. (IPSec and SSL protocols are designed based on IPsec as I understand.)
> PPTP lacks security, so it's best not to use it for workstations and servers.
That's true.
> Also, IPSec is more stable than PPTP.
I do agree with you; however, there are lots of users out there who aren't that concerned about network security. And it might be convenient to add the capability to your software without implementing additional security methods.
What is port 1723 for?
Info port-forwarding.
What is the port 1723 PPTP vulnerability?
PPTP is Microsoft's Point-to-Point Tunneling Protocol.
This protocol allows a Windows (XP or newer) client to create a VPN connection to a remote PPTP VPN server, as if it were another member of the company's network. The company can define what connections appear as a part of the company network, like a Windows domain controller; to outsiders, they appear to be another member of the company network.
How does a port 1723 vulnerability impact users?
While the vulnerability doesn't do any additional harm to users, it could give the company a bad image, as this kind of information can be stolen or used to access and damage devices connected to a corporate network.
Is there an exploit for this vulnerability?
No, but we found other ways to attack companies using this protocol. For more details on that, check the article.
What should I do to protect against this vulnerability?
Always use secure protocols, or at least those which require user interaction like
In addition to that, keep in mind that the more often a machine is accessed from a known web domain, the greater the chance of malicious software being installed on it. For example, if your company has some servers located in its intranet, they should have different credentials than those systems connected to a VPN. If you're in doubt about such protocols, ask security professionals.
If you use a proxy configuration tool like Privoxy for personal protection, always follow that tool's recommendations. Even if you think you don't need it, be very cautious when configuring it to use HTTPS and avoid unnecessary configurations. For extra recommendations, read our Proxy Server configuration guidelines for Windows:
How to protect yourself against the port 1723 vulnerability.
To improve the security of your company, we recommend that you update all clients to Windows 10 and apply the recommended patches from Windows Update regularly. For servers, it's good practice to disable Remote management (that is the option which allows users to connect remotely to a system with the Windows RDP or Terminal Services functions). Also be careful about who can access the servers and the configurations (IP addresses, firewalls, etc.). If you work in a corporation or have servers under your own control, remember that the most common attacks start by stealing usernames and passwords.
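The answers above keep coming back to port 1723 and to the advice to move off PPTP. A practical first step for a defender is knowing where PPTP is still in use. The script below is an added example, not code from any answer above or from any PPTP implementation: it reads constructed firewall flow-log lines, flags the TCP/1723 control channel the thread mentions and the GRE (IP protocol 47) data tunnel PPTP uses, and correlates the two so that plain GRE tunnels between unrelated hosts are not mislabelled as PPTP. The log format, the sample addresses and all function names are assumptions made for illustration.

```python
"""Inventory PPTP use from firewall flow logs.

Added example, not from the thread. PPTP has two parts: a TCP control
channel on port 1723 and a GRE (IP protocol 47) data tunnel between the same
two hosts. Spotting both lets an administrator list which servers still
accept PPTP before migrating them to IPsec or SSL/TLS VPNs.

Assumed (constructed) log format, one flow per line, IPv4 only:
    <timestamp> <ACTION> <PROTO> <src_ip>[:<src_port>] <dst_ip>[:<dst_port>]
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

PPTP_CONTROL_PORT = 1723     # PPTP control connection (TCP)
GRE_PROTOCOL_NUMBER = "47"   # GRE, carries the PPTP data tunnel

# Constructed sample flows for illustration; addresses are RFC 5737 examples.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z ALLOW TCP 203.0.113.10:51000 198.51.100.5:1723
2024-05-01T08:00:02Z ALLOW GRE 203.0.113.10 198.51.100.5
2024-05-01T08:00:02Z ALLOW GRE 198.51.100.5 203.0.113.10
2024-05-01T08:00:05Z ALLOW TCP 203.0.113.10:51001 198.51.100.5:443
2024-05-01T08:01:00Z DENY TCP 192.0.2.77:40000 198.51.100.5:1723
2024-05-01T08:02:00Z ALLOW GRE 192.0.2.200 198.51.100.9
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    action: str
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def _split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """Split 'ip:port' into (ip, port); GRE flows carry no port."""
    if ":" in endpoint:
        ip, port = endpoint.rsplit(":", 1)
        return ip, int(port)
    return endpoint, None


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one log line; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, action, proto, src, dst = parts
    src_ip, src_port = _split_endpoint(src)
    dst_ip, dst_port = _split_endpoint(dst)
    return Flow(ts, action.upper(), proto.upper(), src_ip, src_port, dst_ip, dst_port)


def is_pptp_control(flow: Flow) -> bool:
    return flow.proto == "TCP" and flow.dst_port == PPTP_CONTROL_PORT


def is_gre(flow: Flow) -> bool:
    # Some firewalls log the protocol name, others the IP protocol number.
    return flow.proto in ("GRE", GRE_PROTOCOL_NUMBER)


def summarize_pptp(lines: List[str]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Bucket flows as PPTP control, PPTP data, or GRE with no control channel.

    GRE alone is not proof of PPTP (plain GRE tunnels use it too), so GRE is
    labelled PPTP data only when the same host pair also shows a TCP/1723
    connection somewhere in the log.
    """
    flows = [f for f in map(parse_flow, lines) if f is not None]
    control_pairs: Set[frozenset] = {
        frozenset((f.src_ip, f.dst_ip)) for f in flows if is_pptp_control(f)
    }
    summary: Dict[str, List[Tuple[str, str, str]]] = {
        "control": [], "data": [], "gre_uncorrelated": []
    }
    for f in flows:
        record = (f.src_ip, f.dst_ip, f.action)
        if is_pptp_control(f):
            summary["control"].append(record)
        elif is_gre(f):
            pair = frozenset((f.src_ip, f.dst_ip))
            summary["data" if pair in control_pairs else "gre_uncorrelated"].append(record)
    return summary


def pptp_servers(summary: Dict[str, List[Tuple[str, str, str]]]) -> Set[str]:
    """Hosts that accepted (ALLOW) a PPTP control connection: the migration list."""
    return {dst for _src, dst, action in summary["control"] if action == "ALLOW"}


if __name__ == "__main__":
    result = summarize_pptp(SAMPLE_LOG.splitlines())
    for bucket, records in result.items():
        print(f"{bucket}: {len(records)}")
    print("servers still accepting PPTP:", sorted(pptp_servers(result)))
```

On the constructed sample this reports two control flows (one allowed, one denied), two correlated GRE data flows, one uncorrelated GRE flow, and a single server (198.51.100.5) still accepting PPTP. Denied control attempts are kept in the report deliberately: a steady stream of blocked TCP/1723 connections tells you who is still trying to use the protocol, which is as useful for the migration as knowing which servers answer.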
How does PPTP provide protection?
(For the moment, I'm just talking about PPTP's IPsec and GRE/L2TP tunneling.)
There are two ways a VPN can provide protection: 1) Encrypt all traffic with its own key, not using keys provided by a certificate authority. 2) Encrypt only traffic destined for you (using a secret key) using your certificate authority's keys, not its own. If you were using just PPTP and not L2TP or GRE tunneling, you'd be using 1), which is a bit complicated, so let's stick to 2). PPTP's IPsec works using a certificate of its own that the client needs to download and accept. This is fine, except that this certificate can't be used as a trust anchor in a PKI system, since we need a way to check that this certificate hasn't been tampered with. For this reason, PPTP's IPsec is always considered "weak" in terms of security compared to L2TP.
But what PPTP does is that it performs a handshake with the VPN server before each packet that is sent and it is important for a VPN server to have a valid certificate that matches the client's. If the client knows that the VPN server will always respond to it if it tells it what to expect, then it doesn't matter if the server's certificate has been compromised -- the result will be the same.
You might think this means that PPTP has no "security" whatsoever, but actually, the situation is a bit more complicated. PPTP's IPsec makes use of symmetric keys to exchange information and make sure the protocol is understood, and also protects you against replay attacks. However, PPTP's IPsec (for instance, in versions earlier than PPTP 3.0) doesn't protect you against man-in-the-middle attacks, which only happen when PPTP is tunneling through a hostile network. To see how to protect against man-in-the-middle attacks, look at L2TP.
But this is all not as bad as it sounds, because although PPTP's IPsec uses a symmetric key for communication between the client and the VPN server, it doesn't use asymmetric keys to do it (like in SSH or SSL). The asymmetric keys are only used to create a secure encrypted tunnel (an IPSec ESP) between the client and the server.