Environment
BorderManager 3.8 Support Pack 4 applied
Bm38sp4_ir5.exe applied
VPN server configured
VPN client to site enabled
bm3xvpn12.exe applied
Netware 6.5 SP5 applied
Situation
A VPN test tool exists at
http://www.nta-monitor.com/tools/ike-scan/. One of the series of tests
performed using this tool is used to uncover IKE cookie issues.
During one such VPN test, it was discovered that the ISAKMP cookies
generated by Novell BorderManager are predictable. For a given
source IP and port, the responder cookie that BorderManager
generates is the same from one request to the next. The cookie
remains the same for approximately one day.
It is important that ISAKMP cookie values are both unique and non-predictable. The BorderManager implementation failed with both of these requirements. The fact that the cookies are predictable means that the IPsec implementation is likely to be vulnerable to a number of issues, including DoS attacks and replay attacks.
Resolution
Apply bmvpnsec1.exe, which includes the latest IKE.NLM. It is
important that ISAKMP cookie values are both unique and
non-predictable. The BorderManager IKE implementation now satisfies
both of these requirements. This fix will be included in
BorderManager 3.8 SP5.
Status
Security Alert
Additional Information
Below is an example using BorderManager 3.8 on NetWare 6.5. Here we run "ike-scan" twice using an acceptable transform. We see that the responder cookie (CKY-R) in the ISAKMP header is the same for both responses:
$ ike-scan --trans=5,2,3,2 -M 172.16.3.27
Starting ike-scan 1.8.4 with 1 hosts
(http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.27 Main Mode Handshake returned
HDR=(CKY-R=56a0aa5e1b5edb64)
SA=(Enc=3DES Hash=SHA1 Auth=RSA_Sig Group=2:modp1024
LifeType=Seconds LifeDuration(4)=0x00007080)
VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
Ending ike-scan 1.8.4: 1 hosts scanned in 0.215 seconds (4.66 hosts/sec). 1 returned handshake; 0 returned notify
$ ike-scan --trans=5,2,3,2 -M 172.16.3.27
Starting ike-scan 1.8.4 with 1 hosts
(http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.27 Main Mode Handshake returned
HDR=(CKY-R=56a0aa5e1b5edb64)
SA=(Enc=3DES Hash=SHA1 Auth=RSA_Sig Group=2:modp1024
LifeType=Seconds LifeDuration(4)=0x00007080)
VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
Ending ike-scan 1.8.4: 1 hosts scanned in 0.054 seconds (18.37 hosts/sec). 1 returned handshake; 0 returned notify
Below is another example. Here we used the ike-scan tool to send a total of 10,000 Main Mode IKE packets at a rate of one per
minute. Each response from the BorderManager server is recorded together with the time at which it was received.
The command line used to reproduce the problem was:
perl -e 'print "172.16.3.27\n" x 10000' | ike-scan --timestamp -r 1 -f - -i 60s --trans=5,2,3,2
A list of the different responder cookies, and the times that they were received, is given below. In this list, the first column shows the time when the packet was received, and the second column shows
the responder cookie. Ellipses (...) show where multiple lines with identical cookies have been removed for brevity. Each ellipsis represents about 1400 omitted lines.
13:25:06.563218 fcb5babf3454e319
13:26:06.488920 fcb5babf3454e319
...
12:55:06.532470 fcb5babf3454e319
12:56:06.466293 fcb5babf3454e319
12:57:06.445624 70922d04c056bc12
12:58:06.454968 70922d04c056bc12
...
12:39:06.435416 70922d04c056bc12
12:40:06.488223 70922d04c056bc12
12:41:06.568345 534129c8eda39e27
12:42:06.582008 534129c8eda39e27
...
12:23:06.596316 534129c8eda39e27
12:24:06.653245 534129c8eda39e27
12:25:06.580139 2d7c639c57d6d896
12:26:06.421715 2d7c639c57d6d896
...
12:07:06.504430 2d7c639c57d6d896
12:08:06.395834 2d7c639c57d6d896
12:09:06.400113 38338fd7855747ab
12:10:06.524477 38338fd7855747ab
...
11:51:06.419117 38338fd7855747ab
11:52:06.556816 38338fd7855747ab
11:53:06.722715 3f430f2c715908c3
11:54:06.627612 3f430f2c715908c3
...
11:35:06.606475 3f430f2c715908c3
11:36:06.593664 3f430f2c715908c3
11:37:06.528123 4ab09245899ac58e
11:38:06.449059 4ab09245899ac58e
...
11:19:06.576838 4ab09245899ac58e
11:20:06.485380 4ab09245899ac58e
11:21:06.438597 e42cdef7cb8850bb
11:22:06.486008 e42cdef7cb8850bb
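As an added example (not part of this TID, and not code from ike-scan or Novell), the following Python script parses timestamped output of the form listed above, groups consecutive identical responder cookies into runs, and reports how long each cookie persisted. A gateway that meets the uniqueness requirement should produce no run longer than a single probe, so an administrator can run this over their own ike-scan output after applying the fix. The sample input is constructed and its cookie values are made up; the midnight wrap-around seen in the listing above is handled.

```python
import re
from datetime import datetime

# Constructed sample in the "HH:MM:SS.ffffff <CKY-R>" shape printed by
# "ike-scan --timestamp"; cookie values are invented for this example.
SAMPLE_OUTPUT = """\
Starting ike-scan with 1 hosts
23:59:00.000000 0123456789abcdef
00:00:00.000000 0123456789abcdef
...
00:01:00.000000 0123456789abcdef
00:02:00.000000 fedcba9876543210
00:03:00.000000 fedcba9876543210
00:04:00.000000 00ff00ff00ff00ff
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{1,6})\s+([0-9a-f]{16})$")


def parse_lines(text):
    """Return (time, cookie) tuples; headers and '...' markers are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)))
    return out


def _step(a, b):
    """Seconds from a to b on a time-of-day clock (adds a day on midnight wrap)."""
    d = (b - a).total_seconds()
    return d + 86400 if d < 0 else d


def cookie_runs(samples):
    """Group consecutive identical cookies: list of (cookie, probes, seconds)."""
    runs, prev_ts = [], None
    for ts, cky in samples:
        if runs and runs[-1][0] == cky:
            runs[-1][1] += 1
            runs[-1][2] += _step(prev_ts, ts)
        else:
            runs.append([cky, 1, 0.0])
        prev_ts = ts
    return [tuple(r) for r in runs]


def assess(text):
    """RFC 2408 requires a fresh responder cookie per exchange, so any run
    longer than one probe means the cookie is reused (and likely predictable)."""
    samples = parse_lines(text)
    repeated = [r for r in cookie_runs(samples) if r[1] > 1]
    return {"probes": len(samples),
            "distinct_cookies": len({c for _, c in samples}),
            "repeated_runs": repeated,
            "cookie_reuse": bool(repeated)}
```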