PPTP Preso - Openloop

volleyballbeginnerNetworking and Communications

Oct 27, 2013 (3 years and 8 months ago)







Point-to-Point Tunneling Protocol [PPTP]



Team: Invincibles


Deepak Tripathi

Habibeh Deyhim

Karthikeyan Gopal

Satish Madiraju

Tusshar RakeshNLN

Agenda


Overview



PPTP Connections



PPTP Architecture


PPTP Underlying Technology


PPP Architecture


PPTP Security





PPTP?

PPTP enables secure data transfers between a remote client and an enterprise server by creating a VPN across an IP-based internetwork



Success of PPTP



The use of PSTNs (Public Switched Telephone Networks).

Support for non-IP protocols.

PPTP Connections


For Remote Access:



PPTP Client connects to the ISP using Dial Up Networking

PPTP then creates a tunnel between the VPN client and VPN server.

For LAN internetworking:

It does not require the ISP connection phase so the tunnel could be directly created.




PPTP Architecture


PPTP employs three processes to secure PPTP-based communication over unsecured media

PPP-based connection establishment

PPTP Connection control

PPTP tunneling and data transfer

PPTP Connection Control


Common PPTP control messages

Name: Description

Start-Control-Connection-Request: Request from the PPTP client to establish control connection.

Start-Control-Connection-Reply: Reply from the PPTP server to the client.

Outgoing-Call-Request: Request from the PPTP client to the server to establish a PPTP tunnel.

Outgoing-Call-Reply: Response from the PPTP server to the client.

Echo-Request: Keep-alive mechanism from either server or client.

Echo-Reply: Response to the Echo-Request message.

Stop-Control-Connection-Request: Request message from the PPTP client or server notifying the other end of the termination of control connection.

Stop-Control-Connection-Reply: Reply response from the opposite end.
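Added example (not part of the original slides): the control messages listed above travel over a TCP connection to port 1723, each behind the fixed 12-byte header defined in RFC 2637. The Python sketch below splits a reassembled control stream into named messages and rejects data that is out of sync; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D          # magic cookie carried by every PPTP message (RFC 2637)
CONTROL_MESSAGE = 1              # PPTP message type 1 = control message
NAMES = ("Start-Control-Connection-Request Start-Control-Connection-Reply "
         "Stop-Control-Connection-Request Stop-Control-Connection-Reply "
         "Echo-Request Echo-Reply Outgoing-Call-Request Outgoing-Call-Reply "
         "Incoming-Call-Request Incoming-Call-Reply Incoming-Call-Connected "
         "Call-Clear-Request Call-Disconnect-Notify WAN-Error-Notify "
         "Set-Link-Info").split()          # control message types 1..15


def parse_control_stream(stream: bytes) -> list:
    """Split a reassembled TCP/1723 byte stream into (name, body) pairs."""
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 12:
            raise ValueError("truncated PPTP header")
        length, msg_type, magic, ctrl_type, _reserved = struct.unpack_from(
            "!HHIHH", stream, offset)
        if magic != PPTP_MAGIC:
            raise ValueError("bad magic cookie: stream out of sync or not PPTP")
        if msg_type != CONTROL_MESSAGE:
            raise ValueError(f"unexpected PPTP message type {msg_type}")
        if length < 12 or offset + length > len(stream):
            raise ValueError("length field does not match captured data")
        name = NAMES[ctrl_type - 1] if 1 <= ctrl_type <= 15 else f"unknown({ctrl_type})"
        messages.append((name, stream[offset + 12:offset + length]))
        offset += length
    return messages


def build_message(ctrl_type: int, body: bytes) -> bytes:
    """Constructed sample data only: wrap a body in the 12-byte control header."""
    return struct.pack("!HHIHH", 12 + len(body), CONTROL_MESSAGE,
                       PPTP_MAGIC, ctrl_type, 0) + body


# Constructed keep-alive exchange: Echo-Request (type 5) carries a 4-byte identifier;
# Echo-Reply (type 6) repeats it, then result code, error code and a reserved field.
SAMPLE = (build_message(5, struct.pack("!I", 0x2A)) +
          build_message(6, struct.pack("!IBBH", 0x2A, 1, 0, 0)))

if __name__ == "__main__":
    for name, body in parse_control_stream(SAMPLE):
        print(f"{name:<14} body={body.hex()}")
```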


PPTP Data Tunneling and Processing


Recipient end


Sender end


Underlying Technology


PPTP is based on PPP


Operates at layer 2 of OSI


Advantages:


Can operate any DTE or DCE including EIA/TIA-232-C and ITUV.3


Does not restrict transmission rates



Requirement:



Availability of a duplex connection


Synchronous


Asynchronous

PPP architecture



PPP is a standards-based protocol.

PPP's frame format is based on HDLC.

PPP can negotiate link options dynamically and support multiple Layer 3 protocols, such as IP, IPX, and AppleTalk.

PPP architecture - LCP

PPP defines the Link Control Protocol (LCP).

The job of the LCP

Establish, configure, and test the data-link connection.


Callback


Data compression


Multilink


PAP authentication


CHAP authentication

LCP Authentication


PAP vs. CHAP



PAP (Password Authentication Protocol)

Remote host is in control of login requests. (Trial and error attack)

Password is sent in clear text


LCP Authentication


PAP vs. CHAP





CHAP (Challenge Handshake Authentication Protocol)

Access server is in control of login attempts

Password is not transmitted in clear text



CHAP Operation
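Added example (not part of the original slides): the PAP and CHAP exchanges side by side, following RFC 1334 for the PAP Authenticate-Request and RFC 1994 for the CHAP response, MD5(identifier || secret || challenge). The class and function names are hypothetical and the credentials are constructed.

```python
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): the password is placed in the frame as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: only a hash over the secret crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class AccessServer:
    """Authenticator side: it issues the challenges, so it controls login attempts."""

    def __init__(self, secret: bytes):
        self.secret, self.identifier, self.challenge = secret, 0, None

    def new_challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)        # fresh and unpredictable per attempt
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        self.challenge = None                  # each challenge is usable once
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = b"s3cret"                         # constructed sample credential
    print("PAP frame :", pap_authenticate_request(1, b"alice", secret))
    server = AccessServer(secret)
    ident, challenge = server.new_challenge()
    answer = chap_response(ident, secret, challenge)
    print("CHAP value:", answer.hex(), "accepted:", server.verify(ident, answer))
    ident2, _ = server.new_challenge()
    print("old answer replayed on a new challenge:", server.verify(ident2, answer))
```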

PPP architecture


NCP


Link partners exchange NCP packets to establish and configure different network-layer protocols, including IP, IPX, and AppleTalk.

Each Layer 3 protocol has its own NCP.

The NCP can build up and tear down multiple Layer 3 protocol sessions over a single data link.


PPTP Security


Data Encryption


Data Authentication


Packet Filtering


Firewalls & Routers

Encryption


Microsoft Point to Point Encryption


RSA RC4 Algorithm with 40 or 128 Bit key


XOR Attack


Bit Flipping Attack





Authentication Methods


Clear Text password


LANMAN Hash


NT Encryption Hash


Challenge/Response MSCHAP

LAN Manager Hash


Password


Convert to uppercase


Divide into two 7 character strings


Encrypt a fixed constant with a string


Merge both 8 byte strings


16 byte hashed string

14 Byte String

NT Encryption Hash


Password



Hash using MD4



16 Byte hash

Unicode

MSCHAP


Client requests login challenge

Server sends 8 byte random challenge

Client calculates LANMAN hash or NT hash

Partitions the key into three keys

Each key encrypts the challenge

Three keys are merged and sent as response

MSCHAP…

[Figure. Diagram labels: Secret Password (P0 to P13); LM hash of the password (H0 to H15); 3 DES keys derived (K0 to K15 followed by zero bytes at positions 16 to 20); Challenge response: 3 DES encryptions of 8-byte challenge (R0 to R23); DES.]
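Added example (not part of the original slides): the key layout behind the LAN Manager Hash and MSCHAP slides, written in Python to show why the design is considered weak. It covers the LM preprocessing and the split of the 16-byte hash into three DES keys; the DES encryption step itself is left out, the function names are hypothetical, and the sample hash is constructed.

```python
def lm_halves(password: str) -> tuple:
    """LAN Manager preprocessing: uppercase, pad/truncate to 14 bytes, split 7 + 7."""
    p = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return p[:7], p[7:]


def expand_des_key(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each) with odd parity in the low bit."""
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:
            byte |= 1
        out.append(byte)
    return bytes(out)


def mschap_des_keys(hash16: bytes) -> list:
    """Pad the 16-byte hash with five zero bytes and cut it into three DES keys."""
    if len(hash16) != 16:
        raise ValueError("expected a 16-byte LM or NT hash")
    padded = hash16 + b"\x00" * 5                     # 21 bytes, as in the diagram
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]


def third_key_candidates() -> int:
    """Count distinct third keys: only hash bytes 14 and 15 feed into it."""
    seen = {mschap_des_keys(b"\x00" * 14 + bytes([a, b]))[2]
            for a in range(256) for b in range(256)}
    return len(seen)


if __name__ == "__main__":
    # A password of 7 characters or fewer leaves the second LM half all zero,
    # and case is lost before hashing.
    print(lm_halves("secret"))
    sample_hash = bytes(range(16))                    # constructed, not a real hash
    for n, key in enumerate(mschap_des_keys(sample_hash), 1):
        print(f"DES key {n}: {key.hex()}")
    print("possible third keys:", third_key_candidates())
```

Because the third key depends on two hash bytes only, the last 8 bytes of any response map to at most 65536 keys, which is one reason MSCHAP over PPTP is treated as unsuitable for protecting credentials.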

Packet Filtering & Firewalls


Packet filtering allows a server to route packets to only authenticated clients

Firewalls filter the traffic on the basis of ACL (Access Control List)

Cakewalk! AsLEAP

No Such Thing As Free Lunch!


PPTP is the weaker option security-wise; IPSec and L2TP are more secure



PPTP is platform dependent



Requires extensive configuration


