5.3.1 Unauthorized Client Connecting to an SSTP Server

In this scenario, an unauthorized attacker poses as a valid SSTP client and tries to connect to a valid SSTP server. The HTTPS connection succeeds because the server does not authenticate the client at the SSL/TLS layer. Make sure that the SSTP server terminates the connection at the PPP layer once it determines that the client does not have proper user credentials. For more information, see [RFC1661].


Figure 9: Unauthorized client connecting to an SSTP server
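
The following sketch is an added example, not part of the SSTP specification or any Microsoft implementation. It models the server side of this scenario with the link phases from [RFC1661]: the HTTPS layer comes up without client authentication, so the PPP authentication phase is the only gate, and no network-layer frame is forwarded unless it succeeds. The class and function names are hypothetical, and NCP (IPCP) negotiation in the network phase is omitted for brevity.

```python
from enum import Enum

Phase = Enum("Phase", "DEAD ESTABLISH AUTHENTICATE NETWORK TERMINATE")

# PPP Protocol field values (IANA-assigned numbers)
LCP, PAP, CHAP, LQR, EAP = 0xC021, 0xC023, 0xC223, 0xC025, 0xC227
IPCP, IPV4 = 0x8021, 0x0021

# RFC 1661: frames outside these sets are silently discarded in that phase.
ALLOWED = {
    Phase.ESTABLISH: {LCP},
    Phase.AUTHENTICATE: {LCP, PAP, CHAP, EAP, LQR},
    Phase.TERMINATE: {LCP},
}

class SstpServerSession:
    """Hypothetical model of one server-side session (illustration only)."""

    def __init__(self):
        self.phase = Phase.DEAD
        self.forwarded = []  # payloads handed to the private network
        self.dropped = 0     # frames discarded by the phase check

    def https_established(self):
        # TLS did not authenticate the client, so grant nothing yet.
        self.phase = Phase.ESTABLISH

    def lcp_opened(self):
        if self.phase is Phase.ESTABLISH:
            self.phase = Phase.AUTHENTICATE

    def auth_result(self, ok):
        # Failed authentication goes straight to link termination.
        if self.phase is Phase.AUTHENTICATE:
            self.phase = Phase.NETWORK if ok else Phase.TERMINATE

    def receive(self, protocol, payload):
        """Return True if the frame is accepted, False if discarded."""
        if self.phase is Phase.NETWORK:
            if protocol == IPV4:
                self.forwarded.append(payload)
            return True
        if protocol in ALLOWED.get(self.phase, set()):
            return True
        self.dropped += 1
        return False

def run_unauthorized_client():
    """Constructed trace: client with no valid credentials."""
    s = SstpServerSession()
    s.https_established()
    s.receive(IPV4, b"early")     # before LCP opens: discarded
    s.lcp_opened()
    s.receive(IPCP, b"conf-req")  # NCP before authentication: discarded
    s.receive(CHAP, b"response")  # authentication traffic: accepted
    s.auth_result(ok=False)
    s.receive(IPV4, b"late")      # after failure: discarded
    return s
```

A server-side test can assert the same invariant against a real deployment's counters: a session that ends in authentication failure has forwarded zero network-layer frames.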
