Penetration Testing mailing list archives

Re: Pen-Testing VPN


From: Matthew Franz <mdfranz () io com>
Date: Sun, 6 Apr 2003 18:49:46 -0500


The presentation is at http://www.io.com/~mdfranz/papers/howsecure.ppt and 
the last dozen or so slides deal with potential IKE security issues. I 
don't think the 12 byte issue was in the prezo, but similar malformed 
IKE/AH/ESP messages can be generated with udpsic and isic.

- mdf

While I don't remember if it included tools, there was a paper on
pen-testing an IPSEC gateway at the Cansecwest conference 2 years ago. The
gist of it was that it is possible to cause a (defeatable) denial of service
in the first 12 bytes of an initial connection; it was otherwise pretty
secure. That of course doesn't necessarily go for the management web interface
on the VPN gateway (there was also a paper on penetrating those at the same
conference). That should at least give you a place to start poking :-).
I believe the web site is www.cansecwest.com (Google will find it in any case).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
