DeepAI AI Chat
Log In Sign Up

Characterizing the VPN Ecosystem in the Wild

by   Aniss Maghsoudlou, et al.
Max Planck Society

With the shift to working remotely after the COVID-19 pandemic, the use of Virtual Private Networks (VPNs) around the world has nearly doubled. Therefore, measuring the traffic and security aspects of the VPN ecosystem is more important now than ever. It is, however, challenging to detect and characterize VPN traffic since some VPN protocols use the same port number as web traffic and port-based traffic classification will not help. VPN users are also concerned about the vulnerabilities of their VPN connections due to privacy issues. In this paper, we aim at detecting and characterizing VPN servers in the wild, which facilitates detecting the VPN traffic. To this end, we perform Internet-wide active measurements to find VPN servers in the wild, and characterize them based on their vulnerabilities, certificates, locations, and fingerprinting. We find 9.8M VPN servers distributed around the world using OpenVPN, SSTP, PPTP, and IPsec, and analyze their vulnerability. We find SSTP to be the most vulnerable protocol with more than 90 vulnerable to TLS downgrade attacks. Of all the servers that respond to our VPN probes, 2 servers. We apply our list of VPN servers to the traffic from a large European ISP and observe that 2.6


page 1

page 2

page 3

page 4


Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069

TR-069 is a standard for the remote management of end-user devices by se...

Large Scale Measurement on the Adoption of Encrypted DNS

Several encryption proposals for DNS have been presented since 2016, but...

European 5G Security in the Wild: Reality versus Expectations

5G cellular systems are slowly being deployed worldwide delivering the p...

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Industrial control systems (ICS) are managed remotely with the help of d...

Website Fingerprinting on Early QUIC Traffic

Cryptographic protocols have been widely used to protect the user's priv...

Analyzing Enterprise DNS Traffic to Classify Assets and Track Cyber-Health

The Domain Name System (DNS) is a critical service that enables domain n...