Logo
 
Upper Toolbar Picture
HOME      ISP PPPoE      SUBSCRIBER PPPoE      TR-069 FAQs      CONTACT      SEARCH      FORUMS      SEARCH ENGINE OPTIMIZATION
Lower Toolbar Picture

Ethernet Picture

  What is PPPoE?
  Why PPPoE?
  PPPoE vs PPPoA
  PPPoE vs PPTP
  PPPoE Client
  PPPoE Server
  Offloading PPPoE
  RFC 2516
  Windows PPPoE
  Windows XP PPPoE
  Windows Vista PPPoE
  MAC PPPoE
  MAC OS X PPPoE
  Sony PSP PPPoE
  Networking with PPPoE
  Tweaking
  Broadband Links
  Download Limits
  Search Optimization

PPPoE Picture PPPoE Part 2 PPPoE Spacer


PPPoE vs PPTP

Disadvantages of PPTP not found in PPPoE
Bruce Schneier is an internationally renowned security technologist and author has found many security flaws in Microsoft’s PPTP implementation and only in Microsoft’s implementation, they are as follows:
• Microsoft’s PPTP server allows attacks to sniff passwords across the network, break the encryption scheme and read confidential data.
• Microsoft’s PPTP server is also set up in a way leaving it open to denial of service attacks.
• “…anyone can cause a Microsoft PPTP server to go belly up. Well, anyone who can see the server.” Since the it’s a VPN server anyone in the world can see it and gain access to it not only the customers on your network.
All findings where backed up by Counterpane Systems. More detailed information can be found at http://www.schneier.com/pptp-faq.html

The above disadvantages are not found in PPPoE more specifically in Fine Point Technologies ServPoET and WinPoET combination.

A PPPoE termination point, such as ServPoET can not be seen by outsiders to an ISP’s network. VPN technologies are set up and created in a way that anyone, anywhere can (with a userid and password) gain access to that network. PPPoE is designed that only users connected to that specific network can gain “access” to that specific PPPoE termination point. To show this I’ll briefly explain the PPPoE discovery phase:

The PPPoE Discovery Stage is made up of four steps: initiation, offer, request, and session confirmation:
1) The PPPoE Active Discovery Initiation (PADI) packet:
The PPPoE client sends out a PADI packet to the broadcast address.
2) The PPPoE Active Discovery Offer (PADO) packet:
The PPPoE server, or Access Concentrator, responds to the PADI with a PADO
3) The PPPoE Active Discovery Request (PADR) packet:
When a PADO packet is received, the PPPoE client responds with a PADR packet.
4) The PPPoE Active Discovery Session-confirmation (PADS) packet:
When the PADR is received; the Access Concentrator generates a unique session identification (ID) for the Point-to-Point Protocol (PPP) session and returns this ID to the PPPoE client in the PADS packet.
After that point userid and password are authenticated and the customer can access the internet.

The above steps can only happen for a user who is directly connected to that specific network. PPTP works in a way that any user can access it and we’ll explain that next:

When configuring a VPN connection he VPN (PPTP) server needs to have a IP address so a customer can enter that in to the VPN software in Microsoft. This has to be made public so that your customers can configure the software. Once that is made public it now means an user anywhere in the world can access it. They may not have a userid and password but as we’ve pointed out above that is not a difficult road block to get past.

We feel by showing the points above that PPPoE actually is a more secure and robust solution for a Provider over Microsoft’s PPTP / VPN implementation.