September 14, 2015
RedWolf Enhances VPN Testing
RedWolf has found that most organizations work to protect popular DDoS targets like web sites and DNS servers but often overlook their VPN services. The business impact on a VPN service can be equal or greater than an impact to a web site. To this end RedWolf has invested in improving the platform’s ability to test various types of VPN’s.
The most popular VPN’s that RedWolf has seen in 2015 are IPSEC and PPTP with a minority of SSL VPN’s. Surprisingly not all cloud providers (e.g. Microsoft Azure and Amazon EC2) allow every VPN protocol on their networks. If you use Amazon for instance IPSEC is not supported. RedWolf supports IPSEC from IBM Softlayer Cloud. If you want to do IPSEC testing you need to let RedWolf know so we can turn your agents up in the right cloud provider.
As usual, RedWolf likes to test ‘soft’ and ‘hard’ techniques against every service and it’s the same with VPN’s.
The preferred methodology covers the following points:
- Low-rate VPN discovery (TCP and UDP)
- IKE/ISAKMP: Low-rate ISAKMP fingerprinting to identify type of VPN server
- IKE/ISAKMP: Aggressive IKE flooding (Oakley, SKEME)
- IPSEC: IPSEC Protocol encapsulated packet flood
- PPTP: Usual set of SYN, Hanging TCP, Bad Protocol
- PPTP: MS-CHAP-v1, MS-CHAP-v2, PEAP flooding
- GRE: RedWolf can create a variety of GRE protocol floods.
RedWolf is always improving its VPN support. If you have a VPN configuration not listed above and want to test it support can usually be added in a few weeks.