On Wed, 09 Oct 2002 06:04:34 PDT you wrote

> A rogue AP can do a lot of damage to a VPN implementation -- like
> injecting disassociation and deauthenticate frames at will.

Most VPN implementations are layer three devices. The damage that can be caused by injecting disassociation and deauthenticate frames is analogous to someone applying an access control list on a router between the VPN peers and dropping your VPN traffic -- the packets don't flow, but the _VPN implementation_ and the security association between the two peers is not affected.

> In addition, many IPsec implementations rely on group pre-shared keys (that's
> required by IKE Main Mode when the client has a dynamic IP address).

There is nothing in RFC2409 (IKE) that requires a group pre-shared key. The issue with group pre-shared keys comes up when people want to do legacy authentication (using a username/password) for the client and they are too lazy to do it right. RFC2409 does not even provide for any legacy authentication, so anyone supporting group pre-shared keys is decidedly _outside_ of RFC2409.

How do you do it right? Use a certificate on both ends, and do real RFC2409-style authentication. You can still have dynamic IP addresses.

> Since a group secret isn't a secret at all, this allows any authorized
> user to set up a rogue VPN server. And if the installation does something
> really foolish, like deriving the group pre-shared key from a password, then
> the group pre-shared key can be cracked by an outsider, because IKE Main Mode is
> vulnerable to offline dictionary attack.
>
> Ironically, IKE Aggressive Mode does a better job in the dynamic client
> case, since you can have individual pre-shared keys for each client,
> although the identity exchange is exposed on the wire. However, many VPN
> clients don't support Aggressive Mode, so you may be out of luck.
>
> The bottom line is that IPsec/IKE VPNs are no panacea when dealing with
> clients that have a dynamic IP address. Most of these issues don't arise with
> point-to-point implementations, since in that case, both ends of the VPN
> connection typically have a fixed IP address, and so IKE Main Mode allows
> for individual pre-shared keys (and identity protection).

Doing 802.1X and EAP is not a panacea either, because someone could come up with an EAP method that is fundamentally broken, just like someone came up with an extension to IKE (using a group pre-shared key) that was fundamentally broken.

The bottom line is that some vendors sell crap. It is not enough to just buy an "IPsec device" or a product that "supports 802.1X/EAP". Look under the hood, kick some tires, ask some questions before you buy.

Dan.

-- 
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
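The Main Mode versus Aggressive Mode point argued in this exchange, as an added Python model (not code from the post or from any IKE implementation): it derives SKEYID the way RFC 2409 section 5.4 does for pre-shared-key authentication and shows that a responder facing peers at dynamic addresses can only select a group key in Main Mode, while Aggressive Mode's cleartext identity lets it hold one key per client. The identities, addresses, nonces and secrets are constructed.

```python
# Added model of RFC 2409 pre-shared-key selection; not the list post's code.
# prf is HMAC-SHA1 as in RFC 2409 5.4. All identities, addresses and secrets are constructed.
import hashlib
import hmac
from typing import Dict, Optional

WILDCARD = "0.0.0.0/0"  # catch-all entry a responder needs for peers at dynamic IPs


def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409 5.4, pre-shared keys: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()


def main_mode_psk(psk_by_ip: Dict[str, bytes], peer_ip: str) -> Optional[bytes]:
    """Main Mode: IDii arrives in message 5, already encrypted with keys derived
    from SKEYID, so the responder must pick the PSK from the only plaintext it has
    in messages 1-4: the peer's source address. A peer at an unknown dynamic
    address can only match the wildcard, i.e. a key shared by the whole group."""
    return psk_by_ip.get(peer_ip, psk_by_ip.get(WILDCARD))


def aggressive_mode_psk(psk_by_id: Dict[bytes, bytes], id_i: bytes) -> Optional[bytes]:
    """Aggressive Mode: IDii is sent in the clear in message 1, so a per-identity
    PSK can be chosen before any key derivation (the cost is the exposed identity)."""
    return psk_by_id.get(id_i)


def roaming_client_scenario() -> Dict[str, Dict[str, object]]:
    """Two legitimate roaming users plus a third peer who only knows the group key.
    Returns, per mode, how many distinct SKEYIDs the responder can derive and
    whether the third peer obtains a usable key at all."""
    ni, nr = b"\x11" * 16, b"\x22" * 16  # constructed nonces
    psk_by_id = {b"alice@example.org": b"alice-secret", b"bob@example.org": b"bob-secret"}
    psk_by_ip = {WILDCARD: b"group-secret"}  # dynamic IPs: no per-user binding is possible
    peers = [("203.0.113.7", b"alice@example.org"),
             ("198.51.100.9", b"bob@example.org"),
             ("192.0.2.44", b"not-a-user")]  # holds the group key, has no per-id entry
    out: Dict[str, Dict[str, object]] = {}
    for mode, select in (("main_mode", lambda ip, i: main_mode_psk(psk_by_ip, ip)),
                         ("aggressive_mode", lambda ip, i: aggressive_mode_psk(psk_by_id, i))):
        keys = [select(ip, i) for ip, i in peers]
        out[mode] = {
            "distinct_keys": len({skeyid(k, ni, nr) for k in keys if k is not None}),
            "third_peer_has_key": keys[-1] is not None,
        }
    return out
```

With signature (certificate) authentication, which the reply recommends, no PSK is selected at all, so Main Mode keeps identity protection without the group-key collapse shown here.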
