Wireguard and vulnerability scanning
alex at secureideas.com
Mon Mar 11 14:10:51 CET 2019
Hi wireguard team and list,
I wanted to reach out and ask a question about using wireguard for vulnerability scanning through a host onto a network. Similar to this: https://www.kali.org/tutorials/wireguard-on-kali/
I am still new to wireguard in general, but I have heard about a lot of good things about it from a few of my linux podcasts, and I wanted to implement it to solve a problem that I had attempted to solve before but couldn't reliable do it since the other vpn solutions are so slow and could drop packets from latency.
I setup wireguard similar to how the offensive security article describes (above), and everything appeared to be working. I could ping the hosts on the different network and I could nmap them while getting accurate information. Then I went to go use a vulnerability scanning tool (Nessus), and I noticed that it didn't really pick up anything on the other side of tunnel. I was doing some tcpdumps on the interfaces and from what I could tell, all the udp traffic would make it over fine but none of the tcp requests would get sent to the other side (through the tunnel) properly. The wireguard server side (where I started the scan from), would try to send it but the host we were scanning through (client of the vpn) wouldn't ever receive any of the syn packets.
So there were a few things that we thought might be wrong and I wanted to email you all and see what you thought.
1) nessus isn't sending packets right with whatever they are doing while scanning, and so I am in communication with Tenable (people who own nessus) to see if that is the issue.
2) there were a few tcp option that were missing from the nessus packets that nmap had, and one of the consistent was the timestamp option. We talked to them about that, and they have a reason why they don't send it, but would wireguard discard a packet if it doesn't have a timestamp tcp option?
3) Lastly I saw a ratelimiter.c and saw there was a packet_per_seconds variable defined. So could that be throttling the connections that Nessus is trying to send? If so, if I adjust that and recompile will that break things? For this to work Nessus will send lots of packets at a time.
Those were just a few things that I thought could be affecting it, but I could also be completely wrong. I look forward to the discussion, and let me know if there is anything I can do to help. Thank you so much for this project it really awesome!!
Secure Ideas, LLC - Professionally Evil ®
Cell: 980-277-2746 / Office: 866-404-7837 x741
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WireGuard