New VPN Hunter Service Scans Domains For Remote-Access Systems

If there’s one thing attackers love, it’s readily accessible remote-connection services running on a target company’s network. Once an attacker knows that an organization is running a specific kind of VPN or has RDP enabled on a bunch of machines, he can then start looking for known vulnerabilities or target users’ credentials for those systems. The folks at Duo Security are releasing a new service today called VPN Hunter that will help companies identify which remote-access services on their networks are exposed to the Internet.

VPN Hunter is a simple Web interface: a user enters any domain name, and the service returns a list of every remote-access service found on the domain, including IPsec VPNs, SSL VPNs, RDP and SSH. It will also look for indications of whether the company has two-factor authentication enabled for each particular service.

So an administrator or security specialist who wants to get a handle on the kinds and number of remote-access services running on his network can enter any domains and subdomains he chooses into the search box and quickly get a list of them.

“VPN Hunter discovers and classifies SSL VPNs from top vendors including Juniper, Cisco, Palo Alto, Citrix, Fortinet, F5, SonicWALL, Barracuda, Microsoft, and Array. VPN Hunter will also attempt to detect whether two-factor authentication is enabled on the target SSL VPNs,” the site says.

It’s not just VPNs that the system looks for, however. VPN Hunter also can find other systems like Outlook Web Access webmail portals, extranet portals and other remotely accessible services. Jon Oberheide, one of the founders of Duo Security, said that the company hasn’t done any large-scale scanning of domains to see which services typically are running, but that kind of scan may be in the plans for the near future.

Discussion

  • Robert on

    I think this has limited use when it can be used only for a single domain, the only use case I can think of is where I've scanned a network and found some interesting services but nmap can't identify them well, this might help there.

    Very little use as a fire and forget "check my network" type service at the moment.

  • Agarax on

    This reads like an advertisement. Fail.

  • WaLKer on

    Also... gave it a run on my domain, which has 26 points of entry for just SSL VPN... and "None Found"

    I guess I win.

  • Anonymous on

    Didn't find anything in a domain where I know there are multiples of each category. It returned so fast that it appears the chosen domain might be white/blacklisted.
