The goal of this talk is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration.
Anton Nikolaev, Denis Kolegov, Oleg Broslavsky
11. Unfortunately, this talk is not about sophisticated hacking
techniques (cause you do not need them to hack SD-WAN)
This talk about how to find those
low-hanging fruits on the Internet?
12. The Main Questions
• How many SD-WAN nodes on the Internet?
• Do we need new techniques to scan
and fingerprint them?
• How to find vulnerable SD-WAN nodes?
53. Harvester Charts
But seriously, harvester can
build next pie charts by:
• vulnerabilities
• vendors
• products
• countries
• continents
https://github.com/sdnewhop/sdwan-
harvester/tree/master/samples
54.
55. Conclusions
• Many different vendors
and related products
have been found
• Most products are
susceptible to version
leakage
• More often products are
leaky and vulnerable
56. SD-WAN New Hope
https://github.com/sdnewhop/
• Sergey Gordeychik
• Denis Kolegov
• Oleg Broslavsky
• Max Gorbunov
• Nikita Oleksov
• Nikolay Tkachenko
• Anton Nikolaev
• SD-WAN Internet Census
• SD-WAN Harvester
• SD-WAN Infiltrator
• SD-WAN Threat Landscape