RE: Pen-Testing VPN

From: Eric Hines (eric.hinesat_private)
Date: Fri Apr 04 2003 - 13:06:50 PST


    Darren:
    
    Conducting risk assessments against VPNs is actually quite exciting;
    just remember, VPNs are nothing more than fancy bridges.
    
    Refer to my advisories I've written on circumventing VPNs (Avaya and
    Rapidstream) at fatelabs.com
    
    History has proven VPN vendors to do some really stupid things. For
    example, I noticed SSHD was installed on a Rapidstream appliance I was
    doing an assessment on and found out they hard-coded the root/rsadmin
    account into the SSHD binary with no password.
    
    Avaya/VPNet as well as other "unnamed" VPNs have severe problems in
    their bridging code. Put a system one hop away from the outside of the
    VPN (e.g. a DMZ in front of a VPN) and set the default gateway of that
    system to the VPN. The VPN will bridge traffic from the public side to
    the private side without authentication. Several VPN vendors suffer from
    this problem.
    
    I also refer you to a tool written by an engineer at Avaya called
    IKEcrack:
    http://ikecrack.sourceforge.net/
    
    
    Good luck.
    
    Eric Hines
    Internet Warfare and Intelligence
    Fate Research Labs
    http://www.fatelabs.com
    
    
    -----Original Message-----
    From: Darren Beattie [mailto:darren.beattieat_private] 
    Sent: Thursday, April 03, 2003 12:43 PM
    To: pen-testat_private
    Subject: Pen-Testing VPN
    
    
    
    
    Hi All,
    
    I use various scanners and tools to test firewalls and servers. I will
    be testing a firewall that has VPNs connected to it. I am wondering how
    to test the VPN for security. I am sure that I could see the VPN port on
    the firewall, listening for connections.
    
    I would like to establish a VPN tunnel and 'hit it' to see how secure it
    really is.
    
    I would like some help in identifying any tools out there that would
    allow me to carry this out.
    
    Regards,
    
    Darren
    



    This archive was generated by hypermail 2b30 : Sat Apr 05 2003 - 09:11:01 PST
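
Added example (not part of the original message, and not code from the author or any vendor): a detection check for the bridging problem described in the reply above, flagging cleartext packets seen on a VPN gateway's public side that reappear on its private side without coming from a tunnel. The address ranges, the capture-summary format and all function names are assumptions constructed for illustration; correlation relies on the IP ID field being preserved across forwarding.

```python
import ipaddress

# Assumed, constructed topology (not from the original post).
PRIVATE_NET = ipaddress.ip_network("10.10.0.0/16")  # network behind the VPN
TUNNEL_POOL = ipaddress.ip_network("10.99.0.0/24")  # inner addresses of authenticated peers
TUNNEL_PROTOS = {"esp", "ike"}                      # IPsec ESP and IKE (UDP/500)

# Constructed capture summaries, one packet per line: iface proto src dst ip_id
SAMPLE = """\
public  ike  198.51.100.7 203.0.113.1  100
public  esp  198.51.100.7 203.0.113.1  101
private tcp  10.99.0.5    10.10.1.20   4242
public  tcp  192.0.2.50   10.10.1.20   777
private tcp  192.0.2.50   10.10.1.20   777
public  icmp 192.0.2.50   10.10.1.21   778
"""

def parse(text):
    """Yield (iface, proto, src, dst, ip_id) tuples from the summary lines."""
    for line in text.splitlines():
        if line.strip():
            iface, proto, src, dst, ip_id = line.split()
            yield (iface, proto, ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(ip_id))

def find_bridged(text):
    """Return (src, dst, proto) for cleartext public-side packets that
    show up again on the private side without a tunnel-pool source."""
    public_clear = set()
    findings = []
    for iface, proto, src, dst, ip_id in parse(text):
        if iface == "public":
            # Cleartext packet addressed straight at the protected network.
            if proto not in TUNNEL_PROTOS and dst in PRIVATE_NET:
                public_clear.add((src, dst, ip_id))
        elif iface == "private":
            # Decapsulated tunnel traffic carries an inner pool address.
            if src not in TUNNEL_POOL and (src, dst, ip_id) in public_clear:
                findings.append((str(src), str(dst), proto))
    return findings

if __name__ == "__main__":
    for src, dst, proto in find_bridged(SAMPLE):
        print(f"ALERT unauthenticated forward: {src} -> {dst} ({proto})")
```

The last sample packet is cleartext toward the private network but never appears on the private side, so it is treated as correctly dropped and not reported.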