question on cryptography - NRPE and Man in the middle attacks

Andreas Ericsson ae at op5.se
Fri Sep 28 10:35:14 CEST 2007


Tharanga wrote:
> Dear Friends,
> 
> I have a small confusion about NRPE security. NRPE is using anon-dh for key
> exchange and server or client will not authenticate. So anyone in the
> middle can attack the protocol. Man in the middle attack is possible.
> 

Yes it's possible, but only if you intercept the very first packet from both
sides and then prevent them from negotiating with each other, but that is
slightly different, so it's not really a mitm attack.

No cryptographic identity verification takes place, but the cipher-stream
must still be valid all the way through.


> Actually, how is it prevented in the NRPE implementation? SHA0 is also a
> compromised one. (Sorry, I am a newbie to this NRPE development.)
> 

Yes, it's compromised, but only for pre-generated content, and not for the
purpose you suggest. It would be easy to use SHA1 instead.

> According to the document it's using ANON-DH without using pre-generated
> public - private key, but actually how the AES, SHA - ANON-DH works on the
> protocol.
> 
> My idea is (correct me if I am wrong)
> 
> First use AES for a shared secret key (symmetric key) and then it will
> hash using secure hashing algorithm (hash value is created for the data
> stream). (assume no near collisions ??)

I'm not sure what you mean by "near collisions". There is no such thing as
"close enough" in cryptography. You're either dead on or miles away.

> and Anon-dh is only used for SSL
> handshake state to agree on a common value. (provides security at TCP
> layer).
> 
> If an intruder attacks the NRPE protocol, it can't read/modify the data
> (due to AES) ??
> 
> So basic key exchange is done via AES and this is not breakable? Is it?
> 

Basically, once the key has been exchanged, the communication isn't readable by
anyone but the two parties involved, and it's not breakable because that would
make every packet invalid due to having the wrong cipher checksum.

If you want to perform a mitm-attack against NRPE (or any cryptographic protocol
where none of the parties cryptographically authenticate each other), you must
intercept the very first packets.

Say you have a setup such as this:

client (check_nrpe) <---->  evil-router <----> server (nrpe)

Then you can read and modify all traffic on evil-router, although you'll have to
set up a new connection to the nrpe-server and pretend your end of the connection
from the nagios-server is really the nrpe-server. It's fairly trivial to do,
assuming you already have full control over the network.

Note that this attack isn't limited to nrpe. It will work for shared-key HTTPS and
suchlike too. It will not work for SSH unless you have both 'evil-router' and the
private keys from 'server'.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
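
The following is an added example, not part of the original message and not NRPE code. It models the unauthenticated exchange discussed in the thread and shows how a MAC over the handshake transcript lets the endpoints detect a substituted public value. The toy group (`P`, `G`), the pre-shared key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime (Mersenne M127); far too small for real use
G = 3           # toy generator, chosen for illustration only

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def transcript_tag(psk, client_pub, server_pub):
    # MAC over both public values exactly as this endpoint saw them
    msg = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def handshake(relay_substitutes):
    """Model one exchange; return (keys_match, tags_match)."""
    psk = b"constructed-pre-shared-key"  # assumption: provisioned out of band
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_server, seen_by_client = c_pub, s_pub
    if relay_substitutes:
        # An on-path host replaces the public value in both directions
        _, r_pub = keypair()
        seen_by_server = seen_by_client = r_pub
    c_key = session_key(c_priv, seen_by_client)
    s_key = session_key(s_priv, seen_by_server)
    # With plain anon-DH the endpoints never learn whether c_key == s_key.
    # With the transcript MAC each side sends its tag and checks the peer's;
    # a relay without psk cannot produce a tag that makes the views agree.
    c_tag = transcript_tag(psk, c_pub, seen_by_client)
    s_tag = transcript_tag(psk, seen_by_server, s_pub)
    return hmac.compare_digest(c_key, s_key), hmac.compare_digest(c_tag, s_tag)

if __name__ == "__main__":
    print("direct path :", handshake(False))
    print("relayed path:", handshake(True))
```
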
