Security Basics mailing list archives
Re: VPN using aggressive mode
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Fri, 21 Nov 2003 13:58:02 -0800
On Fri, 2003-11-21 at 02:29, Kevin Saenz wrote:
I have been advised that and VPN using aggressive mode is vulnerable due to the ability of seeing a lot of clear text. Can anyone tell me what if aggressive mode using 3des and shar1 for phase1 and 3des and shar1 for phase2 mean anything when it comes to security. At the moment my understanding is that phase1 and phase2 means squat when you are using aggressive mode. Someone could get your passphrase and spoof your address if they really wanted your data.
1. Phase 1 sets up a secure channel for the IKE gateways to talk to each other. Done using one of two modes: Main Mode or Aggressive Mode. 2. Phase 2 sets up a secure channel for IPSec traffic to for the traffic flow between the two endpoints - via the two IKE(IPSec) gateways. Also called Quick Mode. 3. Your pre-shared secret (which is what I think you are referring to by passphrase) never goes out so no one will ever see it. If by passphrase, you are referring to a passphrase to unlock your private key to use X.509 certs for IKE, dont worry either - the passphrase is only used locally. There is NO place in the IKE or IPSec protocols for transmitting any passphrase/password/preshared-secret as a part of the negotiations - hence it CANNOT be transmitted. Authentication in pre-shared case happens using Diffie-Hellman (DH) which is used to verify local accessability to the pre-shared key. This key, along with other inputs and a nonce, undergoes a mathematical transformation using DH to come up with a number that both parties exchange to verify that the other party has access to the secret. 4. Now, an IKE ID does NOT have to be an IP address, it can be a USER_FQDN id which MUST be RFC822 compliant .e.g ranjeet.shetye () zultys com . Main Mode negotiation has 6 messages. Client -> Server Server -> Client Client -> Server Server -> Client Client -> Server Server -> Client Aggressive Mode has 3 messages. Client -> Server Server -> Client Client -> Server (note: client just means the party that initiated the exchange - could be another VPN gateway, not just a laptop). In Main mode, the Diffie-Hellman exchange (messages 3 and 4 in Main Mode) leads to the creation of encryption keys for the Phase 1 (ONE) channel, and these keys are used to protect the Identity-exchange (messages 5 and 6 in Main Mode). This protection is absent in Aggressive mode and hence the Phase 1 (ONE) IDs being exchanged are visible. e.g. In Main mode, you would see messages from my client laptop IP go to the IKE server, but you would not be able to see that the ID being used for Phase1 is ranjeet.shetye () zultys com . In Aggressive mode, this ID can be viewed cos the seperate stages are "squashed" together and hence the IDs cannot be protected by encryption. Irrespective of all this, ALL phase 1s are secure, and ALL phase 2s are secure. I would not worry about the cleartext transmission of the ID - it IS leakage of information and to be "worried" about from the standpoint of someone designing a protocol or an architecture, but its implications for a lay user are not so great. Personally, I prefer using only Main mode. In my opinion, Aggressive mode is a necessary hack to the lousy/ugly IKE protocol. Coming back to your question: 1. No, your passphrase CANNOT be transmitted at all by IKE. Dont worry. 2. Spoofing your IP can happen irrespective of IKE/IPSec etc. Worry in general context, not IKE specific context. -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye2 at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- VPN using aggressive mode Kevin Saenz (Nov 21)
- Re: VPN using aggressive mode Ranjeet Shetye (Nov 21)
- <Possible follow-ups>
- Re: VPN using aggressive mode Chris McNab (Nov 23)