Hacking into Bank
priv8 Network
y3dips@echo.or.id | y3dips.echo.or.id
idsecconf2010-hacking priv8 network

This Paper Presented at IDSECCONF2010

  1. Hacking into Bank priv8 Network. y3dips@echo.or.id | y3dips.echo.or.id
  2. Private Network
     • Old time: infrastructure deployed by banks
     • Present time: public infrastructure usage - VPN
  3. VPN
     • Just like a phone call between 2 nodes over public phone infrastructure
     • Priv8 network service delivered over a public network infrastructure
  4. VPN
     • A Virtual Private Network
     • l2tp, pptp, ipsec, ssl vpn, ssh based vpn (open vpn)
  5. VPNVPN
  6. Why Using VPN
     • Banks eagerly needed a private line!
     • Reducing cost.
     • “It should be” secure.
  7. Why Attacking VPN
     • Yes, it's private.
     • Is it secure? (relatively).
     • The most dangerous place is the safest place.
     • Rely on the security product.
  8. Hacking The IPSECs VPN
  9. The VPN Topology: host client, site client, WEB server, airport, DB server, Internet, IPSEC Tunnel, SITE-TO-SITE, REMOTE ACCESS (software client)
  10. The IPSECs
  11. IPSEC
  12. IPSEC
     • Set of protocols.
     • AH, ESP, IKE, Encryption.
     • Layer 3, Network
     • UDP 500, 4500; IP protocols 50, 51
  13. Famous Issue with The IPSECs VPN
  14. Cisco “password 7” type encoding = l33t :P
  15. Core Issue! supportforums.cisco.com
  16. Aggressive Mode Issue
     • Quick handshake.
     • Hash in plaintext.
     • Dedicated IP is not mandatory.
     • User (ID) is not mandatory.
  17. Well Known Tools
     • Ike-Scan
     • Ike-probe
     • IKEprober
     • ikecrack-snarf
  18. Custom Tools?
  19. How it works
  20. What Next?
     • Crack the PSK with known tools
     • psk-crack
     • Build Your Own Cracker (not so hard but not done :P)
  21. Other Issue
     • Vendor issue with the device/protocol implementation (!google)
     • Configuration issue
     • Split tunneling
     • Transform Mode
     • Credential storing
     • Unencrypted
     • Not secure
  22. host client, site client, WEB server, airport, DB server, Internet, IPSEC Tunnel, SITE-TO-SITE, REMOTE ACCESS (software client) [ Show Over ]
  23. Survive
     • “Eliminate transport mode and the AH protocol, and fold authentication of the ciphertext into the ESP protocol, leaving only ESP in tunnel mode.” http://www.schneier.com/paper-ipsec.html
  24. Survive
     • Don't use PSK please :)
     • Disable Aggressive Mode in the device
     • Network filtering
     • Never use dynamic IP
     • Filter IP to connect to Gateway
  25. Reference
     • PSK Cracking using IKE Aggressive Mode - Michael Thumann
     • IPSec VPN Design - Vijay Bollapragada, Mohamed Khalid, Scott Wainner
     • Great old “google” also for “most of the” images.
  26. Thanks @y3dips
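A detection-side view of the Aggressive Mode issue (slide 16) and the "Filter IP to connect to Gateway" advice (slide 24), as an added example that is not from the original deck: it reads the 28-byte ISAKMP header (RFC 2408) from UDP 500/4500 payloads and counts IKEv1 Aggressive Mode initiations per source address outside an allow-list. The function names, the packet tuple layout and the `allowed_peers` parameter are assumptions made for illustration; the sample packets are constructed.

```python
import struct
from collections import Counter

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # RFC 2408 section 3.1, 28 bytes
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
NON_ESP_MARKER = b"\x00\x00\x00\x00"        # RFC 3948: precedes IKE on UDP 4500

def classify_ike(payload, dst_port):
    """Return (exchange_name, is_first_message) for a UDP payload, or None."""
    if dst_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None                      # UDP-encapsulated ESP, not IKE
        payload = payload[4:]
    elif dst_port != 500:
        return None
    if len(payload) < ISAKMP_HDR.size:
        return None                          # truncated or not ISAKMP
    _icky, rcky, _np, version, xchg, _flags, _mid, length = ISAKMP_HDR.unpack_from(payload)
    if version >> 4 != 1 or length < ISAKMP_HDR.size:
        return None                          # only IKEv1 has Aggressive Mode
    first = rcky == b"\x00" * 8              # responder cookie is unset in message 1
    return EXCHANGE.get(xchg, "other(%d)" % xchg), first

def aggressive_initiators(packets, allowed_peers=frozenset()):
    """Count Aggressive Mode initiations per source IP not in allowed_peers."""
    hits = Counter()
    for src_ip, dst_port, payload in packets:
        result = classify_ike(payload, dst_port)
        if result == ("aggressive", True) and src_ip not in allowed_peers:
            hits[src_ip] += 1
    return hits

def make_hdr(xchg, rcky=b"\x00" * 8, version=0x10):
    # Constructed sample header; the cookie bytes are made up for the example.
    return ISAKMP_HDR.pack(b"\x11" * 8, rcky, 1, version, xchg, 0, 0, 28)

SAMPLE = [  # constructed (src_ip, dst_port, udp_payload) tuples, documentation IPs
    ("198.51.100.7", 500, make_hdr(4)),                       # aggressive, msg 1
    ("198.51.100.7", 500, make_hdr(4)),                       # repeated probe
    ("203.0.113.20", 500, make_hdr(2)),                       # main mode
    ("203.0.113.20", 4500, NON_ESP_MARKER + make_hdr(4)),     # aggressive via NAT-T
    ("192.0.2.9", 4500, b"\x00\x00\x10\x01" + b"\xaa" * 40),  # ESP, SPI != 0
    ("192.0.2.9", 500, make_hdr(4, rcky=b"\x22" * 8)),        # not a first message
]

if __name__ == "__main__":
    print(aggressive_initiators(SAMPLE, allowed_peers={"203.0.113.20"}))
```
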
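The "Survive" checklist (slides 23 and 24) and the type 7 issue (slide 14) expressed as a configuration audit, as an added example that is not part of the deck. It assumes a Cisco IOS-style running configuration, which the deck does not show; the sample configurations are constructed and the secrets in them are placeholders.

```python
import re

CHECKS = [  # (finding, regex applied to one line of IOS-style config)
    ("pre-shared-key authentication", re.compile(r"^\s*authentication pre-share\b")),
    ("PSK accepted from any peer address", re.compile(r"^crypto isakmp key .* address 0\.0\.0\.0\b")),
    ("type 7 (reversible) password", re.compile(r"\bpassword 7 \S+")),
    ("AH transform in use", re.compile(r"^crypto ipsec transform-set \S+ .*\bah-")),
    ("transport mode transform", re.compile(r"^\s*mode transport\b")),
]
AGGR_OFF = re.compile(r"^crypto isakmp aggressive-mode disable\b")

def audit(config_text):
    """Return sorted (line_no, finding) pairs; line_no 0 means config-wide."""
    findings, aggressive_disabled = [], False
    for no, line in enumerate(config_text.splitlines(), 1):
        if AGGR_OFF.match(line):
            aggressive_disabled = True
        findings += [(no, name) for name, rx in CHECKS if rx.search(line)]
    if not aggressive_disabled:
        findings.append((0, "IKEv1 aggressive mode not disabled"))
    return sorted(findings)

# Constructed sample: every weakness the slides list, secrets replaced by placeholders.
WEAK_CONFIG = """\
username admin password 7 <TYPE7-PLACEHOLDER>
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key <PSK-PLACEHOLDER> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS1 ah-sha-hmac esp-aes
 mode transport
"""

# Constructed sample: certificate authentication, ESP only, tunnel mode.
HARDENED_CONFIG = """\
crypto isakmp aggressive-mode disable
crypto isakmp policy 10
 encr aes 256
 authentication rsa-sig
 group 14
crypto ipsec transform-set TS1 esp-aes esp-sha-hmac
 mode tunnel
"""

if __name__ == "__main__":
    for line_no, finding in audit(WEAK_CONFIG):
        print(line_no, finding)
```
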