Penetration Testing mailing list archives

RE: Pen-Testing VPN


From: "Eric Hines" <eric.hines () fatelabs com>
Date: Fri, 4 Apr 2003 15:06:50 -0600

Darren:

Conducting risk assessments against VPNs is actually quite exciting;
just remember, VPNs are nothing more than fancy bridges.

Refer to my advisories I've written on circumventing VPNs (Avaya and
Rapidstream) at fatelabs.com.

History has proven VPN vendors to do some really stupid things. For
example, I noticed SSHD was installed on a Rapidstream appliance I was
doing an assessment on and found out they hard-coded the root/rsadmin
account into the SSHD binary with no password.

Avaya/VPNet as well as other "unnamed" VPNs have severe problems in
their bridging code. Put a system one hop away from the outside of the
VPN (e.g. a DMZ in front of a VPN) and set the default gateway of that
system to the VPN. The VPN will bridge traffic from the public side to
the private side without authentication. Several VPN vendors suffer from
this problem.

I also refer you to a tool written by an engineer at Avaya called
IKEcrack:
http://ikecrack.sourceforge.net/


Good luck.

Eric Hines
Internet Warfare and Intelligence
Fate Research Labs
http://www.fatelabs.com


-----Original Message-----
From: Darren Beattie [mailto:darren.beattie () blueyonder co uk] 
Sent: Thursday, April 03, 2003 12:43 PM
To: pen-test () securityfocus com
Subject: Pen-Testing VPN




Hi All,

I use various scanners and tools to test firewalls and servers. I will be
testing a firewall that has VPNs connected to it. I am wondering how to
test the VPN for security. I am sure that I could see the VPN port on
the firewall, listening for connections.

I would like to establish a VPN tunnel and 'hit it' to see how secure it
really is.

I would like some help in identifying any tools out there that would
allow me to carry this out.

Regards,

Darren
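
Added example (not part of the original posts or of any vendor's tooling): a detection check for the bridging failure described in the reply above, flagging flows that a VPN gateway forwarded from its public to its private interface without an authenticated tunnel. The log format, interface labels, addresses and `PRIVATE_NET` are constructed assumptions.

```python
"""Flag flows a VPN gateway forwarded from its public to its private
interface without an authenticated tunnel (constructed log format)."""
import csv
import io
import ipaddress

# Assumption: the private network behind the gateway (constructed value).
PRIVATE_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample: one forwarded flow per line, as a gateway or a span-port
# sensor might export it. "tunnel" is the SA/session id, or "-" when the
# packet was NOT decapsulated from an authenticated tunnel.
SAMPLE_LOG = """\
ts,in_if,out_if,src,dst,proto,dport,tunnel
2003-04-04T15:00:01,public,private,198.51.100.7,10.20.1.15,tcp,445,sa-0x1a2b
2003-04-04T15:00:09,public,private,192.0.2.44,10.20.1.15,tcp,139,-
2003-04-04T15:00:12,private,public,10.20.1.15,198.51.100.7,tcp,51515,sa-0x1a2b
2003-04-04T15:00:20,public,private,192.0.2.44,10.20.3.9,icmp,0,-
2003-04-04T15:00:31,public,public,192.0.2.44,192.0.2.1,udp,500,-
"""

def unauthenticated_bridged_flows(log_text, private_net=PRIVATE_NET):
    """Return rows that crossed public -> private with no tunnel id."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        crossed = row["in_if"] == "public" and row["out_if"] == "private"
        to_private = ipaddress.ip_address(row["dst"]) in private_net
        no_tunnel = row["tunnel"] in ("", "-")
        if crossed and to_private and no_tunnel:
            findings.append(row)
    return findings

def summarize(findings):
    """Group findings by source so one misrouted host shows up once."""
    by_src = {}
    for row in findings:
        by_src.setdefault(row["src"], []).append(
            (row["dst"], row["proto"], int(row["dport"])))
    return by_src

if __name__ == "__main__":
    for src, hits in summarize(unauthenticated_bridged_flows(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {len(hits)} cleartext flow(s) bridged to private side")
        for dst, proto, dport in hits:
            print(f"    -> {dst} {proto}/{dport}")
```

Any finding means the gateway is routing cleartext from the outside to the protected network, so the forwarding policy between the two interfaces needs to drop everything that did not arrive through an authenticated tunnel.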
