Authentication and Tunnel Establishment in IPSec VPNs
QR-Code Creator In None
Using Barcode encoder for Software Control to generate, create QR image in Software applications.
Decode QR Code In None
Using Barcode decoder for Software Control to read, scan read, scan image in Software applications.
IPSec employs the Internet Key Exchange (IKE) protocol for authentication as well as key and tunnel establishment IKE is split into two phases, each of which has its own distinct purpose IKE Phase 1 IKE Phase 1 s main purpose is to authenticate the two communicating parties with each other and then set up a secure channel for IKE Phase 2 This can be done in one of two ways: Main mode or Aggressive mode Main mode In three two-way handshakes (a total of 6 messages), Main mode authenticates both parties to each other This process rst establishes a secure channel in which authentication information is then exchanged securely between the two parties Aggressive mode In only three messages, Aggressive mode accomplishes the same overall goal of main mode but in a faster, notably less secure fashion Aggressive mode does not provide a secure channel to protect authentication information which ultimately exposes it to eavesdropping attacks IKE Phase 2 IKE Phase 2 s final aim is to establish the IPSec tunnel, which it does with the help of IKE Phase 1
Making Denso QR Bar Code In C#
Using Barcode drawer for VS .NET Control to generate, create QR Code JIS X 0510 image in .NET framework applications.
QR Code 2d Barcode Creation In .NET
Using Barcode drawer for ASP.NET Control to generate, create QR Code 2d barcode image in ASP.NET applications.
Printing QR-Code In Visual Studio .NET
Using Barcode drawer for .NET Control to generate, create QR image in .NET applications.
Generate Quick Response Code In Visual Basic .NET
Using Barcode generation for Visual Studio .NET Control to generate, create QR image in .NET framework applications.
Remote Connectivity and VoIP Hacking
GTIN - 13 Printer In None
Using Barcode printer for Software Control to generate, create UPC - 13 image in Software applications.
UPC-A Drawer In None
Using Barcode maker for Software Control to generate, create UPC-A image in Software applications.
Google Hacking for VPN
ECC200 Printer In None
Using Barcode printer for Software Control to generate, create DataMatrix image in Software applications.
Barcode Generation In None
Using Barcode maker for Software Control to generate, create bar code image in Software applications.
Popularity: Simplicity: Impact: Risk Rating: 8 6 8 7
Print ANSI/AIM Code 39 In None
Using Barcode encoder for Software Control to generate, create Code 3 of 9 image in Software applications.
GTIN - 128 Generation In None
Using Barcode encoder for Software Control to generate, create EAN / UCC - 14 image in Software applications.
As demonstrated in the footprinting and information gathering sections of this book, Google hacking can be a simple attack vector that has potential to provide devastating results One particular VPN related Google hack is filetype:pcf The PCF file extension is commonly used to store profile settings for the Cisco VPN client, an extremely popular client used in enterprise deployments These configuration files can contain sensitive information such as the IP address of the VPN gateway, usernames, and passwords Using filetype:pcf site:elec0necom, we can run a focused search for all PCF files stored on our target domain (Figure 6-8)
Paint 2 Of 5 Standard In None
Using Barcode generator for Software Control to generate, create 2 of 5 Industrial image in Software applications.
EAN-13 Supplement 5 Scanner In Visual Basic .NET
Using Barcode decoder for .NET framework Control to read, scan read, scan image in Visual Studio .NET applications.
Figure 6-8 Google hacking for PCF con guration les
ANSI/AIM Code 128 Printer In None
Using Barcode maker for Font Control to generate, create Code 128C image in Font applications.
UCC - 12 Creator In Visual Studio .NET
Using Barcode encoder for Reporting Service Control to generate, create USS-128 image in Reporting Service applications.
Hacking Exposed 6: Network Security Secrets & Solutions
USS Code 39 Decoder In Visual Basic .NET
Using Barcode reader for Visual Studio .NET Control to read, scan read, scan image in VS .NET applications.
Printing GS1 DataBar Stacked In Java
Using Barcode creation for Java Control to generate, create GS1 DataBar Limited image in Java applications.
With this information, an attacker can download the Cisco VPN Client, import the PCF, connect to the target network via VPN, and launch further attacks on the internal network! The passwords stored within the PCF file can also be used for password reuse attacks It should be noted that the passwords are obfuscated using the Cisco password 7 type encoding; however, this mechanism is easily defeated using a number of tools such as Cain (as shown in Figure 6-9)
Bar Code Maker In Objective-C
Using Barcode generation for iPhone Control to generate, create barcode image in iPhone applications.
Bar Code Maker In None
Using Barcode encoder for Microsoft Excel Control to generate, create barcode image in Microsoft Excel applications.
Google Hacking for VPN Countermeasures
The best mechanism to defend against Google hacking is user awareness Those in charge of publishing web content should understand the risks associated with putting any item of information on the Internet With proper awareness in place, an organization can do annual checkups to search for sensitive information on their websites Targeted searches can be performed using the "site:" operator; however, that may cloud your view
Figure 6-9 Decoding the Cisco password 7 encoded passwords with Cain
Remote Connectivity and VoIP Hacking
pertaining to the disclosure of information about your organization on other sites Google also has Google Alerts, which will send you an e-mail every time a new item is added to Google s cache which matches your search criteria See http://wwwgooglecom/ alerts for more information on Google Alerts
Probing IPSec VPN Servers
Popularity: Simplicity: Impact: Risk Rating: 5 5 3 4
When targeting any specific technology, the very first item on the list is to see if its service s corresponding port is available In the case of IPSec VPNs, we re looking for UDP 500 This is a simple task with nmap:
# nmap sU p 500 vpnelec0necom Starting Nmap 468 ( http://nmaporg ) at 2008-08-16 14:08 PDT Interesting ports on 19216811: PORT STATE SERVICE 500/udp open|filtered isakmp Nmap done: 1 IP address (1 host up) scanned in 1811 seconds
An alternate but more IPSec-focused tool is ike-scan by NTA Monitor (http:// wwwnta-monitorcom/tools/ike-scan/) This tool is available for all operating systems and performs IPSec VPN identification and gateway fingerprinting with a variety of configurable options
# /ike-scan vpnelec0necom Starting ike-scan 19 with 1 hosts (http://wwwnta-monitorcom/tools/ike-scan/) 19216811 Main Mode Handshake returned HDR=(CKY-R=5625e24b343ce106) SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation) Implementation guess: Cisco IOS/PIX Ending ike-scan 19: 1 hosts scanned in 0164 seconds (609 hosts/sec) handshake; 0 returned notify 1 returned
ike-scan not only tells us that the host is listening for IPSec VPN connections, but it also identifies the IKE Phase 1 mode supported and indicates what hardware the remote server is running The last probing tool, IKEProber (http://ikecracksourceforgenet/IKEProberpl), is an older tool that allows an attacker to create arbitrary IKE initiator packets for testing