List: openswan-dev
Subject: Re: [Openswan dev] Re: [Openswan Users] Xauth Client extensions
From: mcr () xelerance ! com
Date: 2004-04-21 0:53:38
Message-ID: 5341.1082508818 () marajade ! sandelman ! ottawa ! on ! ca
>>>>> "Henrik" == Henrik Nordstrom <hno@marasystems.com> writes:
Henrik> Yes.
Henrik> But the attacker does, however, need to guess (or sniff) a valid
Henrik> identity payload to be able to exploit this.
Emphasis on the "or sniff".
90% of the groupid/passwords I've seen are either "cisco", "cisco123"
(what cisco has on their web site), "VPN_Base_Group" (Cisco's default
group), or the name of the company involved.
And, one may well be able to get it out of the client by attempting to
initiate with a client!
So, it scares the willies out of me, and would keep me up at night
worrying about it. Three-way handshake makes me know that at least I can
recognize an idiot before I commit to doing heavy crypto for them.
Why haven't we seen these attacks yet? Well, why bother when you can
just use Win32RPCGetRemoteRoot()?
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [