On this website we present our paper Characterizing the VPN Ecosystem in the Wild published at the Passive and Active Measurement Conference 2023 and our custom VPN scan modules.
On this website we present our paper Characterizing the VPN Ecosystem in the Wild published at the Passive and Active Measurement Conference 2023 and our custom VPN scan modules.
Abstract. With the increase of remote working during and after the COVID-19 pandemic, the use of Virtual Private Networks (VPNs) around the world has nearly doubled. Therefore, measuring the traffic and security aspects of the VPN ecosystem is more important now than ever. VPN users rely on the security of VPN solutions, to protect private and corporate communication. Thus a good understanding of the security state of VPN servers is crucial. Moreover, properly detecting and characterizing VPN traffic remains challenging, since some VPN protocols use the same port number as web traffic and port-based traffic classification will not help. In this paper, we aim at detecting and characterizing VPN servers in the wild, which facilitates detecting the VPN traffic. To this end, we perform Internet-wide active measurements to find VPN servers in the wild, and analyze their cryptographic certificates, vulnerabilities, locations, and fingerprints. We find 9.8M VPN servers distributed around the world using OpenVPN, SSTP, PPTP, and IPsec, and analyze their vulnerability. We find SSTP to be the most vulnerable protocol with more than 90% of detected servers being vulnerable to TLS downgrade attacks. Out of all the servers that respond to our VPN probes, 2% also respond to HTTP probes and therefore are classified as Web servers. Finally, we use our list of VPN servers to identify VPN traffic in a large European ISP and observe that 2.6% of all traffic is related to these VPN servers.
Authors. Aniss Maghsoudlou, Lukas Vermeulen, Ingmar Poese, and Oliver Gasser.
We developed custom ZGrab2 modules to allow scanning of the following VPN protocols: SSTP, OpenVPN over TCP, and PPTP. We publish our custom VPN scan modules on GitHub for fellow researchers.
We publish data and scripts to reproduce our analysis at the Open Research Data Repository of the Max Planck Society to guarantee long-term availability.
Dataset DOI. 10.17617/3.NZUPN4
You can contact us at vpnecosystem@mpi-inf.mpg.de.