PPTP VPN: An Analysis of the Effects of a DDoS Attack
IEEE SoutheastCon 2019 Conference Proceeding
Personal Point-to-Point (PPTP) Virtual Private Network is widely used in small businesses and operations using legacy systems. In this paper, a default VPN gateway is set up and configured for a Direct Access PPTP VPN on a Windows Server 2016 machine running Routing, Remote Access, and Active Directory to permit Windows 10 client connectivity. Then a client is configured to connect remotely to this VPN over a network. On this same network, four Kali Linux machines are attacking the client with an Hping3 Denial-of-Service attack, which floods the client with packets to disrupt the service. In doing this, it is shown how the VPN itself handles the attack and what it does to protect the user from further attacks. While the client is under attack, it is found that the VPN would not establish a connection. Additionally, if the client is already connected to the VPN and is attacked, the VPN disconnects the client. This is accompanied by near-complete network instability and packet loss which correlates to the notorious insecurity of PPTP and explains why other protocols have become more widely implemented.
Jones, Joshua, Hayden Wimmer, Rami Haddad.
"PPTP VPN: An Analysis of the Effects of a DDoS Attack."
IEEE SoutheastCon 2019 Conference Proceeding: IEEE Xplore.
doi: https://doi.org/10.1109/SoutheastCon42311.2019.9020514 source: https://doi.org/10.1109/SoutheastCon42311.2019.9020514 isbn: 978-1-7281-0137-8