Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PPTP Tunnel attacked

Status
Not open for further replies.
avalentin

avalentin

IS-IT--Management
Nov 27, 2003
17
0
0
MX
Hi everybody

I have a PIX 506E at console these messages appears

outside PPTP: Recvd xGRE pak from 69.0.0.108, len 51231
outside PPTP: Recvd xGRE pak from 69.0.0.84, len 51235, ack 813795339
outside PPTP: Recvd xGRE pak from 69.0.0.84, len 51231
outside PPTP: Recvd xGRE pak from 69.0.0.156, len 51231
outside PPTP: Recvd xGRE pak from 69.0.0.96, len 51235, ack 813795339
Interface outside - PPTP xGRE: Out paket, PPP len 1428

the ip addresses not are permitted, I using PPTP to make a VPN tunnels from Windows Clients, but I can not denied...I think this is and dos or ddos attack ...because eventually a client can not connect to VPN I need to reload the pix...

Any tip to resolve this problem?

Thanks
 
Sort by date Sort by votes
Diable PPTP an use a proper implemented protocol like IPSEC / nat-traversal.

Otherwise an upgrade might be in its place, i seem to recall some pptp issues in earlier than 6.3 code.

Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
Upvote 0 Downvote
I just noticed the same thing on our PIX. I've had the "debug" options on before and after the RADIUS (IAS on W2k3) server change. Now that it's on W2k3, I notice the GRE packets going to remote IP addresses 69.0.x.x.

Did you ever find out why that was happening to you?

These packets only start when a PPTP connection is established -- and it doesn't even matter if the connection is from an internal IP to the internal interface of the PIX -- which tells me that this probably isn't some sort of attack, unless we've already be infiltrated.

Anybody else ever heard of this?!?

Thanks!
--Kip
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
63
Russtoleum
Russtoleum
steve56k
  • Locked
  • Question
Number of connections for VPN tunnel
Replies
0
Views
33
steve56k
steve56k
steve56k
  • Locked
  • Question
VPN Tunnel will not start
Replies
0
Views
33
steve56k
steve56k
Russtoleum
  • Locked
  • Question
custom VPN Tunnel not appearing when trying to add route
Replies
1
Views
49
jcarmichael1203
jcarmichael1203
ochie
  • Locked
  • Question
ASA 5505 Ipsec tunnel/firewall deny all rule hitting RTP packets
Replies
0
Views
30
ochie
ochie

Part and Inventory Search

Sponsor

Back
Top