In association with heise online

Too fast

It is perhaps a matter of opinion as to whether the disclosure of such information should be considered a security problem. The operator of a VPN has a real problem if hackers manage to crack authentication and log in at the gateway. Under certain circumstances, however, this may not even be difficult -- for example, if a pre-shared key (PSK) is used for authentication and the gateway is working in "aggressive mode." Aggressive mode shortens the IKE handshake for the exchange of keys to speed things up. Instead of the six packets used in the conservative main mode, only three are transmitted. But speeding things up this way comes at a price: the aggressive mode is vulnerable to targeted attacks.

For authentication, the gateway transmits a hash value derived from the PSK through the network. As this hash is not encrypted, it may be possible to reconstruct the pre-shared key in dictionary attack or brute-force attack [2]. Depending on the quality of the keys, the attack may be successful in just a few minutes, a few months, or a few years. It is not especially hard to get the hash: the VPN gateway transmits it through the network in the aggressive mode during an attempt to contact a VPN client.

Script kiddy

The IKEProbe developed by ERNW scans VPNs for weak spots and can be used to find such holes in IPSec VPN Gateways [3]. To do so, the tool simulates a VPN client and attempts an IKE handshake in the aggressive mode. It tests all of the IKE parameters supported and checks whether the gateway transmits the PSK hash. As soon as a response comes, the gateway is vulnerable. A scan of a vulnerable gateway with IKEProbe might look like this:

IKE Aggressive Mode PSK Vulnerability Scanner
Supported Attributes
Ciphers : DES, 3DES, AES-128, CAST
Hashes : MD5, SHA1
Diffie Hellman Groups: DH Groups 1, 2 and 5
IKE Proposal for Peer:
Aggressive Mode activated ...  
Attribute Settings:
Cipher DES
Hash SHA1
Diffie Hellman Group 1
0.000 3: ph1_initiated(00443ee0, 00384708)
0.010 3: < ph1 (00443ee0, 244)
0.030 3: > 40
0.030 2: sx_recv_notify: invalid doi
2.532 3: < ph1 (00443ee0, 244)
5.537 3: < ph1 (00443ee0, 244)
8.541 3: ph1_disposed(00443ee0)
Attribute Settings:
Cipher 3DES
Hash SHA1
Diffie Hellman Group 5
64.551 3: ph1_initiated(00443ee0, 00384708)
64.662 3: < ph1 (00443ee0, 340)
64.692 3: > 328
64.842 3: ph1_get_psk(00443ee0)
System is vulnerable!!
Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit