From owner-freebsd-security Wed Sep 27 3:50:19 2000
Date: Wed, 27 Sep 2000 12:50:06 +0200
From: Terje Elde
To: Sam wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: What happened if the pre-share key got cacked?

* Sam wun (swun@eSec.com.au) [000927 12:09]:
> I am a bit concerned about the pre-share key that is used by the IPsec couple of
> client and the server machines.
> What if this key got stolen somehow? What will be the consequence?
> I am using IPSec in FreeBSD. The pre-share key is used by racoon. The psk.txt
> is protected by 600 permission. But what if my root account got cracked?
> Anyone who possesses my root account will be able to see the content of the
> psk.txt file?

Bottom line is that if someone gets your root account you're owned no matter
what you do.

> It may not be that important if the psk.txt got hacked; it is still hard for
> the hacker to penetrate into another machine which also has IPsec set up. Because all
> data transfer is protected by IPsec, tcpdump will fail. Am I right?

If they've got the psk then they'll be able to decrypt (more complicated than
that, but let's simplify). Also, if they break into the box which has the
psk.txt file, then it's pretty safe to assume it's one of the endpoints, in
which case it'll be able to sniff.

Terje