Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

NTA Monitor releases IKE-scan tool for VPN scanning and identification

NTA Monitor, Europe’s leading Internet security testing company, has launched a tool to enable network administrators to scan and identify virtual private network (VPN) servers within their networks. The security-auditing tool will enable users to take corrective action if they identify VPN servers that have known flaws.

The NTA Monitor VPN Fingerprinting tool (IKE Scan) exploits transport characteristics in the Internet Key Exchange (IKE) service, the mechanism used by VPNs to establish a connection between a server and a remote client.

The IKE Scan tool scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors retransmission packets. These retransmission responses are recorded, displayed and matched against a known set of VPN product fingerprints.

NTA Monitor has identified that there is no standard for how IKE handles retransmission, in terms of delay before retransmission, frequency of retransmission and number of retransmissions. Each VPN vendor uses a different set of variables in its own products, resulting in a unique signature for each VPN product.

NTA Monitor cautions network administrators to ensure that all VPNs in their network are running the manufacturer’s latest secure software release. This guidance follows a series of high profile VPN vulnerabilities identified by NTA Monitor and other security vendors in the last few months.

The NTA Monitor IKE Scan tool currently identifies VPNs from manufacturers including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard. The detection of these products does not imply that any particular product is at fault, more that these are among the most commonly found VPN products. NTA Monitor aims to release updated versions of the IKE Scan tool, as more VPN server signatures are developed through in-house development and contributions from the security community.

“VPNs have been assumed to be an invisible and secure method of communication between a server and a remote connection. But such thinking is naive. NTA Monitor’s IKE Scan tool shows that VPNs cannot only be discovered but the manufacturer, and sometimes the version, can also identified. Network administrators need to ensure that they are aware of VPNs configured within their network and ensure that they are using the latest secure software release,” said Roy Hills, technical director, NTA Monitor.

The NTA Monitor IKE Scan tool has been developed by technical director Roy Hills and is being released by NTA Monitor under the GNU General Public Licence (GPL). The tool and a white paper describing the issue of VPN backoff fingerprinting can be downloaded from NTA Monitor’s Web site at:

VPNs are much used today to provide remote offices or individual users with secure access to their organisations. A VPN works by using a shared public network while maintaining privacy through security procedures and encrypting data in transit. In effect, the tunneling protocols used, encrypt data at the sending end and decrypt it at the receiving end. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

About NTA Monitor

NTA Monitor, is the European market leader in Internet security testing with a customer base of over 330 blue-chip clients in Europe and Asia, across all sectors. The company focuses on Internet security, providing a range of security services extending to: testing, consultancy and perimeter protection solutions, to help prevent unauthorised access to private company networks and data. Its core testing services include Regular Monitor for external Internet penetration, eCommerce service for application security, On-site Perimeter Audit service for additional layers of Internet security assurance, and War Dialling to detect rogue modems.

Media contacts

Natalie Wade

NTA Monitor

Telephone: +44 (0) 1634 721855


Rebecca Honeyman/Stephen Waddington

Rainier PR

Telephone: +44 (0) 20 7494 6570


This press release was distributed by ResponseSource Press Release Wire on behalf of Speed Communications in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit