[86610] in North American Network Operators' Group
Re: the iab simplifies internet architecture!
daemon@ATHENA.MIT.EDU (Crist Clark)
Fri Nov 11 13:39:29 2005
Date: Fri, 11 Nov 2005 10:38:57 -0800
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <Pine.GSO.4.58.0511111804230.20032@marvin.argfrp.us.uu.net>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Sam Crooks <scrooks@ebocom.net>, Randy Bush <randy@psg.com>,
bmanning@vacation.karoshi.com, nanog@nanog.org
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog@merit.edu
Christopher L. Morrow wrote:
>
>>
>>
>>
>>On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
>>
>>>btw, for another great giggle (many thanks to brian candler
>>>for reporting it)
>>>
>>> From the documentation for Cisco's VPN client software for
>>> Linux:
>>> http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a0080234617.html
>>>
>>> "User profiles [which contain all your IPSEC parameters:
>>> pre-shared key, username and password] reside in the
>>> /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the
>>> permissions for the Profiles folder set at drwxrwxrwx.
>>> Each profile in the Profiles folder should have the
>>> follwoing permissions: -rw-rw-rw-."
>>
>>The password string is encrypted in the Profile, however, when you save
>>it...
>
>
> encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to
> decrypt? is the passwd really necessary or is only the hash required? this
> is just wholey irresponsible of any vendor, nevermind one that should
> really know better :(
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml
"The Group Password used by the Cisco Internet Protocol Security (IPsec)
virtual private network (VPN) client is scrambled on the hard drive, but
unscrambled in memory. This password can now be recovered on both the
Linux and Microsoft Windows platform implementations of the Cisco IPsec
VPN client."
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact postmaster@globalstar.com
