Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
988
Views
0
Helpful
1
Replies

ARP Spoofing on VPN Gateway

frank-ruloffs
Level 1
Level 1

‎07-14-2005 01:48 PM

Hi!

I have a problem in a open network.

There are multiple WLAN-AP's and LAN Ports.

We place a VPN Concentrator in it and use

Cisco VPN Client.

A Hacker performed an arp snooping on

the mac of the vpn-concentrator. He identifies as the vpn gateway and wrote

a tool to force the vpn-client (Windows 4.06) to go in aggressive mode and transfer the password in clear-text.

Is there a option in Cisco VPN Client to

disable aggressive mode an force main mode?

regards

Labels:
0 Helpful
1 Reply 1

rbays@angelo.edu
Level 1
Level 1

‎07-19-2005 06:28 AM

We are looking to prevent a similar situation right now. Have you considered deploying Hybrid IKE as a proposal (also refered to as Mutual Authentication)? This provides mutual authentication where in the concentrator authenticates itself to the user using its digital signature, and the client authenticates using a challange response mechanism. This removes the shared group secret from the picture. You can find information on Hybrid IKE in the expired IETF draft here:

http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-ipsec-isakmp-hybrid-auth-02.txt

Or Cisco has numerous documents that include information on the topic:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a0080215981.html

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/4_6/relnt/46clnt.htm#wp1382364

One thing, Hybrid was just a draft, and is now expired, so it didn't make it to full standard status. Hope this helps out.

0 Helpful
Customers Also Viewed These Support Documents