Agenda
- IKE Overview and Protocol Weaknesses
- Vendor Implementation Problems
- IKE Tools discussion and demo
Aggressive Mode ID
- ID sent in clear: a well-known problem
- IETF specifies that aggressive mode sends the ID [UserID or GroupID] in the clear
- An eavesdropper can collect remote access user IDs
- Some vendors have proprietary ways of hashing the ID when using their client, to hide the ID
- Interoperability [SafeNet/PGPNet] requires IETF adherence, which means ID leakage
Attack Process
Aggressive PSK Cracking
Initiator (Cookie_I) and Responder (Cookie_R)
Initiator -> Responder: SA_I+KE_I+Nonce_I+ID_I
Responder -> Initiator: SA_R+KE_R+Nonce_R+ID_R+Hash_R
Initiator -> Responder: [Hash_I]
Assume MD5-HMAC for Hash function based on hash in SA
Responder Hash: HASH_R = MD5-HMAC(MD5-HMAC(Guessed PSK, Nonce_I + Nonce_R), resp DH pub + init DH pub + cookie_R + cookie_I + init SA header + resp ID header)
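An added example, not from the original slides or the IKECrack project: a passive audit of a captured IKE message that flags the two exposures described on the Aggressive Mode ID and Aggressive PSK Cracking slides, a cleartext ID payload and a HASH payload sent before encryption starts. Field layout and numbers follow RFC 2408 and RFC 2407; the function names and the sample packet (KEY_ID `vpn-group`) are constructed for illustration.

```python
import struct

# Numbers from RFC 2408 (ISAKMP header, payload types) and RFC 2407 (ID types)
EXCHANGE = {2: "main", 4: "aggressive"}
ID_TYPE = {1: "IPV4_ADDR", 2: "FQDN", 3: "USER_FQDN", 11: "KEY_ID"}
P_ID, P_HASH, FLAG_ENCRYPTED = 5, 8, 0x01

def parse_isakmp(pkt):
    """Return (exchange name, encrypted flag, [(payload type, body), ...])."""
    if len(pkt) < 28:
        raise ValueError("shorter than an ISAKMP header")
    _ci, _cr, nxt, _ver, xchg, flags, _mid, total = struct.unpack("!8s8sBBBBII", pkt[:28])
    if total > len(pkt):
        raise ValueError("truncated message")
    encrypted, payloads, off = bool(flags & FLAG_ENCRYPTED), [], 28
    while nxt != 0 and not encrypted:  # encrypted bodies cannot be walked
        if off + 4 > total:
            raise ValueError("payload header past end of message")
        following, _rsv, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        payloads.append((nxt, bytes(pkt[off + 4:off + plen])))
        nxt, off = following, off + plen
    return EXCHANGE.get(xchg, str(xchg)), encrypted, payloads

def audit(pkt):
    """Findings for one captured IKE message."""
    xchg, encrypted, payloads = parse_isakmp(pkt)
    findings = []
    if xchg != "aggressive" or encrypted:
        return findings
    for ptype, body in payloads:
        if ptype == P_ID and len(body) >= 4:  # ID type, protocol, port, then data
            kind = ID_TYPE.get(body[0], "type %d" % body[0])
            findings.append("cleartext ID (%s): %r" % (kind, body[4:]))
        elif ptype == P_HASH:
            findings.append("HASH payload exposed: PSK open to offline guessing")
    return findings

def _payload(next_type, body):
    return struct.pack("!BBH", next_type, 0, len(body) + 4) + body

def sample_aggressive_response():
    """Constructed, trimmed responder message: ID (KEY_ID 'vpn-group') + HASH."""
    body = _payload(P_HASH, bytes([11, 0, 0, 0]) + b"vpn-group") + _payload(0, bytes(16))
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, P_ID, 0x10, 4, 0, 0, 28 + len(body))
    return hdr + body

if __name__ == "__main__":
    print("\n".join(audit(sample_aggressive_response())))
```

Any finding from a production gateway is a reason to move remote access off aggressive mode with a PSK, or at minimum to treat the group ID as public and the PSK as guessable offline.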
Attack Process
Main Mode PSK Cracking
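Initiator (Cookie_I) and Responder (Cookie_R)
Initiator -> Responder: SA_I
Responder -> Initiator: SA_R
Initiator -> Responder: KE_I+Nonce_I
Responder -> Initiator: KE_R+Nonce_R
Initiator -> Responder: [ID_I] [Hash_I]
Responder -> Initiator: [ID_R] [Hash_R]
(Attacker)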
Attack Process
Main Mode PSK Cracking
- Collect public IKE values [Nonces, DH Public values, Cookies, headers, etc.] and assume IDs are the IP endpoint IPs
- Collect the first encrypted packet
- Calculate the DH Secret
- Choose a PSK value and calculate SKEYID, SKEYID_d, SKEYID_a, SKEYID_e
- Generate the IV from a hash of the DH Public values
- Decrypt the packet with the IV and SKEYID_e, and check for known plaintext to validate
Implementation Vulnerabilities
- Cisco VPN Client 3.5
- Cisco VPN Client 1.1
- SafeNet/IRE SoftPK and SoftRemote
- PGPFreeware 7.03 - PGPNet
Tools
- IKECrack: aggressive mode PSK cracker
- IKEProber: IKE packet mangler
IKECrack
http://ikecrack.sourceforge.net
- IKE PSK cracker: dictionary, hybrid, brute
- Simplistic implementation
- Aggressive mode only
- Must use IETF HASH_R calculations (RFC 2409)
- MD5 HMAC only
- 93K kps on 1.8 GHz P4
- Perl script that requires HMAC PerlMod and uses tcpdump -x output for capture
- It's a hack, but it works.
IKEProber
http://ikecrack.sourceforge.net
- Command-line utility for building arbitrary IKE packets
- Supports common IKE options and allows user-specified data or repeated chars
- Useful for finding BoF problems with option parsing
- Used to find Cisco/PGPNet/SafeNet probs
- Perl based and requires NetCat in Unix. Also a hack.
- Can also be used for user enumeration
Contact Info
IKE tools and preso download: http://ikecrack.sourceforge.net
Anton Rager, arager@avaya.com
Code criticism: This is proof-of-concept stuff -- fix it yourself