logo

Port 1701 – L2TP (Layer 2 Tunneling Protocol)

Service:

l2tp

Protocol:

UDP

Port:

1701

Used for:

VPN and tunneling protocol

Why It’s Open

Port 1701 is used by the Layer 2 Tunneling Protocol (L2TP), which establishes virtual private network (VPN) connections. L2TP is often combined with IPsec for encryption. This protocol allows organizations to create secure tunnels for remote access to internal networks and is typically used for corporate VPN solutions and ISP network implementations.

Common Risks

  • Traffic interception
    Without proper encryption, L2TP traffic could be intercepted
  • Authentication bypass
    Weak authentication mechanisms can be compromised
  • Weak pre-shared keys
    Easily guessable PSKs compromise the security of the tunnel
  • Man-in-the-middle attacks
    Improper certificate validation enables traffic interception
  • Denial of Service
    L2TP servers can be vulnerable to resource exhaustion attacks
  • Tunnel hijacking
    Attackers may attempt to take over established tunnels

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Service Detection:

Terminal window
nmap -sU -sV -p 1701

L2TP Testing:

Terminal window
ike-scan -M

Vulnerability Scan:

Terminal window
nmap --script ike-version -sU -p 1701

Check IPsec Configuration:

Terminal window
ike-scan --showbackoff

What to Look For

CheckpointWhat it means
Service versionIdentify software version and patch level
AuthenticationCheck for default or weak credentials
SSL/TLS configVerify encryption settings if applicable
Access controlsTest for proper authorization mechanisms

Mitigation

  • Always use IPsec with L2TP
    Never deploy L2TP without IPsec encryption
  • Implement strong PSKs
    Use complex pre-shared keys with sufficient entropy
  • Certificate validation
    Properly validate certificates to prevent MITM attacks
  • Implement rate limiting
    Prevent brute force and DoS attacks against the service
  • Use Multi-factor Authentication
    Require additional authentication factors beyond passwords
  • Monitor VPN connections
    Track and log all tunnel establishment and teardown events
  • Regular security audits
    Periodically test the security of your L2TP implementation

TL;DR

  • Port 1701 = Layer 2 Tunneling Protocol service
  • Protocol: UDP
  • Used for: VPN and tunneling protocol
  • Security focus: Proper configuration and monitoring required

Real World Example

In 2019, security researchers uncovered a vulnerability (CVE-2019-14899) that allowed attackers to determine if a user was connected to a VPN using L2TP/IPsec and to identify their IP address. The attack worked against several Linux, Unix, and BSD operating systems, and could be used to hijack active connections. This vulnerability highlighted the importance of keeping VPN software updated and implementing additional security layers beyond the basic L2TP/IPsec configuration.

Known CVEs and Exploits

  • CVE-2019-14899 – L2TP/IPSec VPN vulnerability allowing traffic injection and hijacking
  • CVE-2002-1139 – L2TP implementation buffer overflow vulnerability
  • CVE-2020-15778 – OpenVPN and L2TP client authentication bypass
  • Weak PSK vulnerabilities – Pre-shared key bruteforcing and dictionary attacks