GEN:SID 1:2044
Message POLICY PPTP Start Control Request attempt
Summary The Point to Point Tunneling Protocol (PPTP) is used to connect client
machines to internal corporate resources using a Virtual Private Network
(VPN) across a public network such as the Internet via an encrypted
session.

Impact Possible loss of data from an internal network to an unknown external
source.
Detailed Information internal resource to an unknown external source. This may be an
indication of an attempt to initialize an encrypted session for
nefarious purposes.

An internal user may try to use an encrypted tunnel to evade possible
detection when transferring files from an internal resource to an
unauthorized eternal party.
Affected Systems All systems allowing PPTP connections from an internal to external
source.
Attack Scenarios The user only needs to initiate a connection to an external source.
Ease of Attack Simple
Corrective Action Disallow PPTP transactions from the internal LAN to external sources.
Additional References