SANS ISC: InfoSec Handlers Diary Blog

Scanning for Microsoft Secure Socket Tunneling Protocol

Published: 2021-07-10
Last Updated: 2021-07-10 21:56:51 UTC
by Guy Bruneau (Version: 1)

Over the past month I noticed a resurgence of probes by DigitalOcean looking for the Microsoft (MS) Secure Socket Tunneling Protocol (SSTP). This MS proprietary VPN protocol is used to establish a secure connection via Transport Layer Security (TLS) between a client and a VPN gateway. Additional information on this protocol is available here.

Sample Log

20210710-062306: data
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
SSTPCORRELATIONID: {19730D60-90A0-4623-8C44-688D762AAA16}
Content-Length: 18446744073709551615
Host: XX.XX.28.221
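
Added example (not part of the original diary): a Python sketch that scans honeypot records in the format of the sample log above and flags requests using the SSTP method, checking the URI, correlation ID and Content-Length shown there. The record regex, the function name and the second sample record are assumptions constructed for illustration.

```python
import re

# Values taken from the sample log on this page.
SSTP_METHOD = "SSTP_DUPLEX_POST"
SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
SSTP_LENGTH = 2**64 - 1  # 18446744073709551615, the Content-Length in the log

# Constructed sample: the probe from this page plus one ordinary request.
SAMPLE = """20210710-062306: data
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
SSTPCORRELATIONID: {19730D60-90A0-4623-8C44-688D762AAA16}
Content-Length: 18446744073709551615
Host: XX.XX.28.221

20210710-062411: data
GET /index.html HTTP/1.1
Host: XX.XX.28.221
"""

# One record = a "YYYYMMDD-HHMMSS: data" line and everything up to the next one
# (assumed layout, based on the single record shown in the diary).
RECORD = re.compile(r"^(\d{8}-\d{6}): data\n(.*?)(?=^\d{8}-\d{6}: data|\Z)",
                    re.M | re.S)


def find_sstp_probes(text):
    """Return one dict per logged request that uses the SSTP method."""
    hits = []
    for stamp, body in RECORD.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        parts = lines[0].split() if lines else []
        if not parts or parts[0].upper() != SSTP_METHOD:
            continue
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (l.partition(":") for l in lines[1:])}
        length = headers.get("content-length", "")
        hits.append({
            "time": stamp,
            "uri_matches": len(parts) > 1 and parts[1].lower() == SSTP_URI.lower(),
            "correlation_id": headers.get("sstpcorrelationid"),
            # True only when Content-Length is exactly 2**64 - 1, as in the sample.
            "max_length": length.isdigit() and int(length) == SSTP_LENGTH,
        })
    return hits


if __name__ == "__main__":
    for hit in find_sstp_probes(SAMPLE):
        print(hit)
```

The Content-Length value is the largest unsigned 64-bit integer, so any log pipeline that stores this header in a signed 64-bit field needs to handle it as a string or big integer, as the code above does.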



Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: Scanning SSL VPN SSTP