
MITM attack on IPsec: what happens if an attacker knows the IPsec pre-shared key?


For example, we have 2 routers with an IPsec tunnel between them. Packets from lo0 to lo0 are IPsec protected.

[Figure: screenshot2.jpg]

 

If an attacker knows the IPsec pre-shared key, he cannot decrypt packets traversing the unprotected media.

But he can use a MITM attack, and I will show you how it works.

The attacker can install 2 more routers, shown in red.

[Figure: screenshot4.jpg]

Router R1 believes it is connected to R2 and that IPsec is terminated on R2, but it is actually terminated on R3, and R2 believes it is connected to R1 and that IPsec is terminated on R1, but it is actually terminated on R4.

R1 lo0 can ping R2 lo0, but the packets can be captured in the clear between R3 and R4.

Configuration files included.
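The reason a known pre-shared key allows this, while passive decryption stays impossible, can be seen in a simplified model of PSK-authenticated key exchange. This is an added example, not part of the original post and not real IKE: the toy Diffie-Hellman group, the message layout and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # toy prime (assumption); far too small for real use
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # The traffic key comes from the DH private values, never from the PSK.
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def auth_tag(psk, my_pub, peer_pub, ident):
    # Peer authentication depends only on the PSK and public exchange values.
    msg = my_pub.to_bytes(16, "big") + peer_pub.to_bytes(16, "big") + ident
    return hmac.new(psk, msg, hashlib.sha256).digest()

def verify(psk, tag, sender_pub, my_pub, ident):
    return hmac.compare_digest(tag, auth_tag(psk, sender_pub, my_pub, ident))

def run_exchange(real_psk, middle_psk):
    """R1 and R2 each complete an exchange with a device in the middle.
    Returns (R1 accepted?, R2 accepted?, R1 key, R2 key, middle's two keys)."""
    r1_priv, r1_pub = dh_keypair()
    r2_priv, r2_pub = dh_keypair()
    m1_priv, m1_pub = dh_keypair()   # value presented to R1 (R3 in the post)
    m2_priv, m2_pub = dh_keypair()   # value presented to R2 (R4 in the post)
    # The middle devices claim to be R2 towards R1, and R1 towards R2.
    tag_to_r1 = auth_tag(middle_psk, m1_pub, r1_pub, b"R2")
    tag_to_r2 = auth_tag(middle_psk, m2_pub, r2_pub, b"R1")
    r1_ok = verify(real_psk, tag_to_r1, m1_pub, r1_pub, b"R2")
    r2_ok = verify(real_psk, tag_to_r2, m2_pub, r2_pub, b"R1")
    r1_key = session_key(r1_priv, m1_pub)
    r2_key = session_key(r2_priv, m2_pub)
    mid_keys = (session_key(m1_priv, r1_pub), session_key(m2_priv, r2_pub))
    return r1_ok, r2_ok, r1_key, r2_key, mid_keys
```

With the correct PSK both routers accept the peer, yet R1 and R2 end up with two different session keys, each shared with the device in the middle; with a wrong PSK both verifications fail. The PSK is therefore the only thing identifying the peer, so the tunnel's protection depends entirely on keeping it secret.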
