[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] IKE Aggressive Mode Downgrade Attack?

To: Melchior Limacher <mli@xxxxxxxxxxxx>
Subject: Re: [FD] IKE Aggressive Mode Downgrade Attack?
From: Lee <ler762@xxxxxxxxx>
Date: Fri, 1 May 2015 00:30:26 -0400

On 4/30/15, Melchior Limacher <mli@xxxxxxxxxxxx> wrote:
> Hello
>
>
> I was reading about "ike aggressive mode with pre shared key"
> (CVE-2002-1623).
>
> As described by cisco
> (http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html),
> this is still an issue
> "When responding to IPSec session initialization, Cisco IOS(r) software
> may use Aggressive Mode even if it has not been explicitly configured
> to do so. Cisco IOS software initially tries to negotiate using Main
> Mode but, failing that, resorts to Aggressive Mode."
>
> Are there known downgrade attacks? Counter-Measures?

  crypto isakmp aggressive-mode disable
should be the counter-measure.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp7822516900
   To block all Internet Security Association and Key Management
Protocol (ISAKMP)
   aggressive mode requests to and from a device, use the
      crypto isakmp aggressive-mode disable
   command in global configuration mode.

Regards,
Lee

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] IKE Aggressive Mode Downgrade Attack?
  - From: Melchior Limacher

Prev by Date: Re: [FD] Mysterious CVE-2008-568 (Solaris)
Next by Date: Re: [FD] #WorldPenguinDay or this cant be right, can it?
Previous by thread: [FD] IKE Aggressive Mode Downgrade Attack?
Next by thread: [FD] OS X 0day - works on latest verz
Index(es):
- Date
- Thread