Download as PDF, PPTX
![host client
site client
WEB server
airport
DB server
Internet
IPSEC Tunnel
SITE-TO-SITE
REMOTE ACCESS
(software client)
[ Show Over ]](https://image.slidesharecdn.com/y3dips-hackingpr8network-101024222014-phpapp02/85/y3dips-hacking-priv8-network-24-320.jpg)
Uploaded byidsecconf
y3dips hacking priv8 network
This document discusses hacking into IPSec VPNs used by banks. It describes how banks previously used private networks but now rely on VPNs to connect over public infrastructure like the internet in a more cost effective way. However, VPNs are only relatively secure and rely on the security of the protocols and devices used. The document goes on to describe how IPSec VPNs can be vulnerable through issues with aggressive mode authentication and use of pre-shared keys, and provides information on tools that can crack pre-shared keys over aggressive mode. It recommends ways to improve security such as disabling aggressive mode and using certificates instead of pre-shared keys.
More Related Content
Similar to y3dips hacking priv8 network
y3dips hacking priv8 network
- 1. Hacking into Bank priv8Network y3dips@echo.or.id | y3dips.echo.or.id
- 3. Private Network • Oldtime: Infrastructure Deploy by banks • Present time: Public infrastructure usage - VPN
- 5. VPN • Just likea Phone call between 2 node over public phone infrastructure • Priv8 network service delivered over a public network infrastructure
- 6. VPN • a VirtualPrivate Network • l2tp, pptp, ipsec, ssl vpn, ssh based vpn (oepn vpn)
- 7.
- 8. Why Using VPN •Bank eagerly needed a private line! • Reducing Cost. • “It should be” Secure.
- 9. Why Attacking VPN •Yes, Its Private. • Is it Secure? (relatively). • The Most Dangerous place are the safest place. • Rely on the security product.
- 10.
- 11. TheVPN Topology host client siteclient WEB server airport DB server Internet IPSEC Tunnel SITE-TO-SITE REMOTE ACCESS (software client)
- 12.
- 13.
- 14. IPSEC • Set ofProtocols. • AH, ESP, IKE, Encryption. • Layer 3, Network • udp 500, 4500, IP 50,51
- 15. Famous Issue with TheIPSECs VPN
- 16. Cisco “password 7”type encoding = l33t :P
- 17.
- 18. Aggressive Mode Issue •Quick Handshake. • Hash in Plaintext. • Dedicated IP not a mandatory. • User (ID) not a mandatory.
- 19. Well Known Tools •Ike-Scan • Ike-probe • IKEprober • ikecrack-snarf
- 20.
- 21.
- 22. What Next? • Crackthe PSK with known Tools • psk-crack • Build Your Own Cracker (not so hard but not done :P)
- 23. Other Issue • VendorIssue with the device/protocl implementation (!google) • Configuration Issue • Split tunneling • Transform Mode • Credential storing • Un-encrypted • Not Secure
- 24. host client site client WEBserver airport DB server Internet IPSEC Tunnel SITE-TO-SITE REMOTE ACCESS (software client) [ Show Over ]
- 26. Survive • “Eliminate transportmode and the AH protocol, and fold authentication of the ciphertext into the ESP protocol, leaving only ESP in tunnel mode.” http://www.schneier.com/paper-ipsec.html
- 27. Survive • Dont UsePSK please :) • Disable Aggresive Mode in the device • Network Filtering • Never use Dynamic IP • Filter IP to connect to Gateway
- 29. Reference • PSK Crackingusing IKE Aggressive Mode - Michael Thumann • IPSec VPN Design - Vijay Bollapragada, Mohamed Khalid, Scott Wainner • Great Old “google” also for “most of the” images.
- 30.