Bugtraq mailing list archives
Cracking preshared keys
From: Michael Thumann <mthumann () ernw de>
Date: Wed, 23 Apr 2003 11:35:15 +0100
Hi,we would like to announce the publication of a proof of concept paper 'PSK cracking using IKE Aggressive Mode'. Paper can be downloaded from www.ernw.de/download/pskattack.pdf .
The theoretical vulnerability about this topic is not new. While we were preparing a talk about VPN hacking we configured the lab that is described in the paper to do some kind of demonstration. We were able to capture and crack successfully PSKs of a cisco router due to the issue that the cisco router switches automatically to aggressive mode if the initiating clients demands it.
This attack depends on some conditions on the vpn gateway. 1. Preshared keys are use for authentication 2. The vpn gateway must allow any ip address to establish a vpn connection 3. The vpn gateway must support aggressive mode 4. Of course the psk must be weak to crack it in an acceptable amount of timeUnder these circimstances it's possible to capture and crack the preshared key of a vpn gateway and gain unauthorized access to private networks.
To prevent your vpn gateways from being compromised we suggest the following actions: - Don't use preshared key for authentication, if its possible. Otherwise ensure that you use very strong keys. - If possible, don't allow vpn connections from any ip address (difficult, I know). - Disable aggressive mode, if it's supported (for example in Checkpoint Firewall-1 where it's disabled per default).
cheers Michael ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745903
Current thread:
- Cracking preshared keys Michael Thumann (Apr 23)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys Derek (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys David Wagner (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Curt Sampson (Apr 25)
- Re: Cracking preshared keys Stefan Laudat (Apr 26)
- <Possible follow-ups>
- RE: Cracking preshared keys Rager, Anton (Anton) (Apr 24)