Back to list
Open VPN for PEN testing
Sep 17 2013 06:07PM
ToddAndMargo (ToddAndMargo zoho com)
Re: Open VPN for PEN testing
Sep 18 2013 01:05PM
Luis Lezcano Airaldi (luislezcair gmail com)
On Tue, Sep 17, 2013 at 11:07:06AM -0700, ToddAndMargo wrote:
> Hi All,
> I have heard several folks say that they use Open VPN for human
> penetration testing.
> Reference: https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_test
> I apparently did not pay close enough attention. I figured that Open
> VPN would get you past the firewall and the multilayer switch. Which
> sounded right to me. Use Open VPN to create a connection to the
> computer and/or network to be tested. Then test the
> computer/network with nmap, Metasploit, etc.
> But, if I remember correctly, they also said they used Open VPN
> as a direct attack mechanism to try to break into ports. Not as
> a mechanism to gain access to the computer/network.
> Am I missing something? Can Open VPN actually be used as an attack
> mechanism (nmap, metasploit) to test a computer/network?
Hi! Sometimes, enterprises use VPN to let employees connect to the local
network from their homes. So it is logical to try to break into the local
network using their credentials.
Also, VPNs are used as a way to gain certain degree of anonimity. So your
connection cannot be easyly tracked back to you, if there's some sysadmin
Hope this helps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
[ reply ]
Copyright 2010, SecurityFocus