y3dips hacking priv8 network

y3dips idsecconf 2010 Presentation - Hacking into private Networks

Published in: Technology

  1. Hacking into Bank priv8 Network y3dips@echo.or.id | y3dips.echo.or.id
  2. Private Network • Old time: Infrastructure deployed by banks • Present time: Public infrastructure usage - VPN
  3. VPN • Just like a phone call between 2 nodes over public phone infrastructure • Priv8 network service delivered over a public network infrastructure
  4. VPN • a Virtual Private Network • l2tp, pptp, ipsec, ssl vpn, ssh based vpn (open vpn)
  5. VPN
  6. Why Using VPN • Banks eagerly needed a private line! • Reducing Cost. • “It should be” Secure.
  7. Why Attacking VPN • Yes, It's Private. • Is it Secure? (relatively). • The Most Dangerous place is the safest place. • Rely on the security product.
  8. Hacking The IPSECs VPN
  9. The VPN Topology [diagram: host client, site client, WEB server, airport, DB server, Internet, IPSEC Tunnel; SITE-TO-SITE and REMOTE ACCESS (software client)]
  10. The IPSECs
  11. IPSEC
  12. IPSEC • Set of Protocols. • AH, ESP, IKE, Encryption. • Layer 3, Network • udp 500, 4500, IP 50, 51
  13. Famous Issue with The IPSECs VPN
  14. Cisco “password 7” type encoding = l33t :P
  15. Core Issue ! supportforums.cisco.com
  16. Aggressive Mode Issue • Quick Handshake. • Hash in Plaintext. • Dedicated IP not mandatory. • User (ID) not mandatory.
  17. Well Known Tools • Ike-Scan • Ike-probe • IKEprober • ikecrack-snarf
  18. Custom Tools?
  19. How it works
  20. What Next? • Crack the PSK with known Tools • psk-crack • Build Your Own Cracker (not so hard but not done :P)
  21. Other Issue • Vendor Issue with the device/protocol implementation (!google) • Configuration Issue • Split tunneling • Transform Mode • Credential storing • Un-encrypted • Not Secure
  22. [diagram: host client, site client, WEB server, airport, DB server, Internet, IPSEC Tunnel; SITE-TO-SITE and REMOTE ACCESS (software client)] [ Show Over ]
  23. Survive • “Eliminate transport mode and the AH protocol, and fold authentication of the ciphertext into the ESP protocol, leaving only ESP in tunnel mode.” http://www.schneier.com/paper-ipsec.html
  24. Survive • Don't Use PSK please :) • Disable Aggressive Mode in the device • Network Filtering • Never use Dynamic IP • Filter IP to connect to Gateway
  25. Reference • PSK Cracking using IKE Aggressive Mode - Michael Thumann • IPSec VPN Design - Vijay Bollapragada, Mohamed Khalid, Scott Wainner • Great Old “google” also for “most of the” images.
  26. Thanks @y3dips
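
An added example, not part of the original slides: a small audit that checks a gateway configuration against the two "Survive" slides and the type 7 and configuration issues listed earlier. It assumes Cisco IOS-style syntax (the deck names Cisco only for "password 7"); both sample configs are constructed and use placeholders instead of real secrets.

```python
import re

# Constructed Cisco IOS-style samples (placeholders, not from the slides).
WEAK_CONFIG = """\
enable password 7 <type7-string>
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key <psk> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS-A ah-sha-hmac esp-aes
 mode transport
"""
HARDENED_CONFIG = """\
enable secret 5 <hash>
crypto isakmp policy 10
 authentication rsa-sig
crypto isakmp aggressive-mode disable
crypto ipsec transform-set TS-B esp-aes esp-sha-hmac
 mode tunnel
"""

# Finding id -> (regex matched per line, advice drawn from the slides).
LINE_CHECKS = {
    "type7-password": (r"\bpassword 7 \S+", "type 7 is reversible encoding"),
    "psk-auth": (r"^\s*authentication pre-share\b", "avoid PSK authentication"),
    "wildcard-psk-peer": (r"^crypto isakmp key .* address 0\.0\.0\.0\b",
                          "bind keys to fixed peer IPs"),
    "ah-transform": (r"^crypto ipsec transform-set \S+ .*\bah-", "use ESP only"),
    "transport-mode": (r"^\s*mode transport\b", "use tunnel mode"),
}
AGGRESSIVE_OFF = "crypto isakmp aggressive-mode disable"

def audit(config):
    """Return (finding_id, line_number, advice) tuples; line 0 = missing line."""
    lines = config.splitlines()
    findings = []
    for number, line in enumerate(lines, 1):
        for finding_id, (pattern, advice) in LINE_CHECKS.items():
            if re.search(pattern, line):
                findings.append((finding_id, number, advice))
    # Aggressive Mode is a finding by absence: IKEv1 policy present, no disable line.
    has_ikev1 = any(l.startswith("crypto isakmp policy") for l in lines)
    if has_ikev1 and AGGRESSIVE_OFF not in (l.strip() for l in lines):
        findings.append(("aggressive-mode-enabled", 0, "add: " + AGGRESSIVE_OFF))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The Aggressive Mode check reports line 0 because the finding is a missing line rather than a bad one.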
