Security Basics mailing list archives
Re: VPN using aggressive mode
From: "Chris McNab" <chris.mcnab () trustmatta com>
Date: Sun, 23 Nov 2003 20:00:54 -0000
Hi, On Fri, 2003-11-21 at 21:58, Ranjeet Shetye wrote:
Irrespective of all this, ALL phase 1s are secure, and ALL phase 2s are secure. I would not worry about the cleartext transmission of the ID - it IS leakage of information and to be "worried" about from the standpoint of someone designing a protocol or an architecture, but its implications for a lay user are not so great.
This is incorrect. Aggressive mode IKE, if used with a pre-shared key (PSK), is vulnerable to a very serious remote attack. A _remote_ attacker can negotiate an aggressive mode connection to UDP/500, even if he does not know the PSK, and the PSK will be hashed (using MD5 or SHA1) and returned to him from the gateway. This hash can then be cracked offline, and access to the VPN granted. Michael Thumann put together a PDF documenting this attack step-by-step, available from: http://www.ernw.de/download/pskattack.pdf Obviously, the way to prevent this is two-fold: - Use digital certificates (or two-factor auth with hybrid mode IKE) instead of pre-shared keys. - Disable aggressive mode IKE support if you are using pre-shared keys. Regards, Chris Chris McNab Technical Director Matta Consulting 18 Noel Street London W1F 8GN http://www.trustmatta.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- VPN using aggressive mode Kevin Saenz (Nov 21)
- Re: VPN using aggressive mode Ranjeet Shetye (Nov 21)
- <Possible follow-ups>
- Re: VPN using aggressive mode Chris McNab (Nov 23)