G'day, TCP port 1723 is set out in the standard and reserved with IANA. The differences in "Microsoft" PPTP really only include a choice of authentication mechanism.
I was dead wrong about the username and password checking being included in the TCP part of the conversation - Microsoft haven't messed with the protocol _that_ much. All the PPTP RFC specifies is a way of setting up a GRE tunnel to move PPP packets (which contain IP, IPX, or pretty much any other protocol) around. The RFC (2637 [1]) doesn't specify any authentication mechanism - that is left to PPP, which is all as it should be. Microsoft choose to use the revamped MS CHAPv2 as their PPP authentication mechanism, about which much has been said and written, and I won't go into it too far. My thoughts on the whole thing should be lurking in the archives. They also choose to use MPPE as their point-to-point encryption, which can also be suboptimal, in some cases. Essentially, all TCP 1723 does is set up, tear down or send errors / keepalives for the GRE tunnel. You can also find some more information about PPTP written by Microsoft at MSDN. [2] In short, I think a lot of confusion arises over the actual nature of PPTP - by itself it's not a security / VPN protocol at all, unlike IPSec which is written for security from the ground up. It's just a tunneling protocol. The Microsoft VPN protocol would be more accurately called "MPPE-encrypted PPP with MS-CHAPv2 authentication Over PPTP" Cheers, [1] http://www.ietf.org/rfc/rfc2637.txt [2] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebto ol/html/understanding_pptp.asp (Beware - URL may wrap) -- Ben Nagy Network Security Specialist Mb: +61 414 411 520 PGP Key ID: 0x1A86E304 > -----Original Message----- > From: Clifford Thurber [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 26, 2002 1:07 AM > To: Ben Nagy; 'Jay Christopherson'; [EMAIL PROTECTED] > Subject: RE: Windows to Windows VPN through PIX > > > Can you explain what the TCP port 1723 is? Is that > negotiation part of the > standard or rfc? > Thanks > > > At 05:13 PM 3/23/2002 +1030, Ben Nagy wrote: [...] > >Here's what's happening: First there is some control information > >exchanged over TCP port 1723. That includes the username and > password > >checking, from memory[...] _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
