PPPoE vs PPTP
Disadvantages of PPTP not found in PPPoE
Bruce Schneier is an internationally renowned security technologist
and author has found many security flaws in Microsoft’s PPTP implementation
and only in Microsoft’s implementation, they are as follows:
• Microsoft’s PPTP server allows attacks to sniff passwords
across the network, break the encryption scheme and read confidential
• Microsoft’s PPTP server is also set up in a way leaving
it open to denial of service attacks.
• “…anyone can cause a Microsoft PPTP server to go
belly up. Well, anyone who can see the server.” Since the it’s
a VPN server anyone in the world can see it and gain access to it not
only the customers on your network.
All findings where backed up by Counterpane Systems. More detailed information
can be found at http://www.schneier.com/pptp-faq.html
The above disadvantages are not found in PPPoE more specifically in
Fine Point Technologies ServPoET and WinPoET combination.
A PPPoE termination point, such as ServPoET can not be seen by outsiders
to an ISP’s network. VPN technologies are set up and created in
a way that anyone, anywhere can (with a userid and password) gain access
to that network. PPPoE is designed that only users connected to that
specific network can gain “access” to that specific PPPoE
termination point. To show this I’ll briefly explain the PPPoE
The PPPoE Discovery Stage is made up of four steps: initiation, offer,
request, and session confirmation:
1) The PPPoE Active Discovery Initiation (PADI) packet:
The PPPoE client sends out a PADI packet to the broadcast address.
2) The PPPoE Active Discovery Offer (PADO) packet:
The PPPoE server, or Access Concentrator, responds to the PADI with
3) The PPPoE Active Discovery Request (PADR) packet:
When a PADO packet is received, the PPPoE client responds with a PADR
4) The PPPoE Active Discovery Session-confirmation (PADS) packet:
When the PADR is received; the Access Concentrator generates a unique
session identification (ID) for the Point-to-Point Protocol (PPP) session
and returns this ID to the PPPoE client in the PADS packet.
After that point userid and password are authenticated and the customer
can access the internet.
The above steps can only happen for a user who is directly connected
to that specific network. PPTP works in a way that any user can access
it and we’ll explain that next:
When configuring a VPN connection he VPN (PPTP) server needs to have
a IP address so a customer can enter that in to the VPN software in
Microsoft. This has to be made public so that your customers can configure
the software. Once that is made public it now means an user anywhere
in the world can access it. They may not have a userid and password
but as we’ve pointed out above that is not a difficult road block
to get past.
We feel by showing the points above that PPPoE actually is a more secure
and robust solution for a Provider over Microsoft’s PPTP / VPN