After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet.
These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.
These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.
Comments
IT admins can request access to our code to test servers (code is not yet public to prevent abuse): https://github.com/vanhoefm/tunneltester
Academic paper: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf