Identifies servers running various SSL VPNs. (They should really be called "TLS-based" VPNs, but "SSL VPN" has become the de facto standard jargon.) Currently it can recognize…
Requires Python 3, pip, and requests:
$ pip3 install https://github.com/dlenski/what-vpn/archive/master.zip
...
$ what-vpn
usage: what-vpn [-h] [-k] [-t SEC] [-v | -c] server [server ...]
what-vpn: error: the following arguments are required: server
$ what-vpn vpn.colorado.edu vpn.northeastern.edu \
vpn.tnstate.edu vpn.smith.edu vpn.caltech.edu \
vpn.yale.edu vpn.drew.edu vpn.uca.edu vpn.simmons.edu \
vpn.nl.edu cpvpn.its.hawaii.edu ssl-vpn.***.com \
viavpn.luther.edu
vpn.colorado.edu: AnyConnect/OpenConnect (Cisco)
vpn.northeastern.edu: PAN GlobalProtect (portal)
vpn.tnstate.edu: PAN GlobalProtect (portal+gateway)
vpn.smith.edu: Juniper Network Connect
vpn.caltech.edu: AnyConnect/OpenConnect (Cisco, ASA (9.1(6)6))
vpn.yale.edu: AnyConnect/OpenConnect (Cisco, ASA (8.4(5)))
vpn.uca.edu: Barracuda (2017)
vpn.simmons.edu: Check Point (2015, 20%)
vpn.nl.edu: Check Point
cpvpn.its.hawaii.edu: Check Point
vpn.***.com: Array Networks (40%)
ssl-vpn.***.com: no match
viavpn.luther.edu Aruba VIA (80%)
$ what-vpn -kv vpn.***.com
Sniffing ***.***.com ...
Is it AnyConnect/OpenConnect? ocserv, 0.8.0-0.11.6
Is it Juniper Network Connect? no match
Is it PAN GlobalProtect? no match
Is it Barracuda? no match
Is it Check Point? no match
Is it SSTP? no match
Is it OpenVPN? no match
=> AnyConnect/OpenConnect (ocserv, 0.8.0-0.11.6)
An interesting question for the open source community, including the indispensable OpenConnect (which I also contribute to) is…
What are the most commonly-used SSL VPN protocols in the real world?
In April 2019, I took a list of major universities and companies in the USA, and generated some guesses for the hostnames of their VPN endpoints (e.g. {vpn,ssl-vpn,sslvpn}.*.{edu,com}). I then used what-vpn to probe them all and looked at the subset of the results that matched to an identifiable SSL VPN protocol:
1 Check Point
1 Citrix (manually inspected, don't know how to reliably autodetect)
1 OpenVPN
5 Dell or SonicWall (manually inspected, didn't know how to reliably autodetect at the time)
7 Fortinet
7 Barracuda
8 F5 (manually inspected, didn't know how to reliably autodetect at this time)
14 SSTP
53 PAN GlobalProtect (portal and/or gateway)
72 Juniper Network Connect (or Junos/Pulse, hard to distinguish)
243 Cisco AnyConnect (including 1 ocserv)
Assuming these results are roughly representative of “SSL VPN” deployments
in general (at least in the USA), they show that OpenConnect already supports
the top 3 most commonly-encountered SSL VPN protocols, or about 80% of SSL VPNs.
Additionally Microsoft SSTP is supported by the open-source sstp-client, and of course OpenVPN is well-supported by open-source clients as well.
(Excerpted from this post on the OpenConnect mailing list)
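The tally above can be reproduced from what-vpn's non-verbose result lines, for example when inventorying your own organisation's VPN endpoints. The following is an added example, not part of what-vpn or the original post; `parse_line` and `tally` are hypothetical names, and the trailing percentage is treated as a match confidence, which is an assumption the page does not spell out.

```python
import re
from collections import Counter

# Result lines in the format of the session above; the example.com host is constructed.
SAMPLE = """\
vpn.colorado.edu: AnyConnect/OpenConnect (Cisco)
vpn.tnstate.edu: PAN GlobalProtect (portal+gateway)
vpn.caltech.edu: AnyConnect/OpenConnect (Cisco, ASA (9.1(6)6))
vpn.simmons.edu: Check Point (2015, 20%)
vpn.nl.edu: Check Point
ssl-vpn.example.com: no match
viavpn.luther.edu Aruba VIA (80%)
"""

# Dotted hostname, optional colon (one line above lacks it), then the verdict.
LINE = re.compile(r"^(?P<host>[\w*-]+(?:\.[\w*-]+)+):?\s+(?P<rest>.+)$")
CONFIDENCE = re.compile(r"(\d+)%")  # assumed to be the match confidence

def parse_line(line):
    """Return (host, protocol, details, confidence), or None for non-result lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    host, rest = m.group("host"), m.group("rest")
    if rest == "no match":
        return host, None, None, None
    # Split at the first " (" so nested parentheses stay inside the details.
    protocol, sep, details = rest.partition(" (")
    details = details[:-1] if sep and details.endswith(")") else None
    pct = CONFIDENCE.search(details or "")
    return host, protocol, details, int(pct.group(1)) if pct else None

def tally(text, min_confidence=0):
    """Count hosts per protocol; weak or missing matches go to 'unidentified'."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, protocol, _, conf = parsed
        if protocol is None or (conf is not None and conf < min_confidence):
            counts["unidentified"] += 1
        else:
            counts[protocol] += 1
    return counts

if __name__ == "__main__":
    for protocol, n in sorted(tally(SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"{n:4d} {protocol}")
```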
I repeated this analysis in February 2021 (after having implemented F5, SonicWall NX, and Array Networks sniffers, and having improved several others). This time, I expanded the pool of names to include {vpn,ssl-vpn,sslvpn,remote,vpn2,new.vpn,access}.*.{edu,com}. Here are the 2021 results for servers that matched to an identifiable SSL VPN protocol:
1 Array Networks
4 Barracuda
4 Check Point
6 SonicWall NX
8 OpenVPN
14 SSTP
21 F5 BigIP
29 Fortinet
83 Pulse Secure (most also support the older Juniper protocol)
103 PAN GlobalProtect (includes 7 servers that behave in a slightly odd way)
298 Cisco AnyConnect (no ocserv found this time)
We've recently added support in OpenConnect for Fortinet and F5 BigIP (with support for SonicWall NX coming soon). Combined with AnyConnect, GlobalProtect, and Pulse/Juniper, this means that OpenConnect now supports 5 of the most highly-used SSL VPN protocols.
Assuming again that these results are roughly representative of “SSL VPN” deployments in general (at least in the USA), that means that OpenConnect now supports almost 93% of SSL VPNs in real-world use.
GPLv3 or later