Connecting with Linux when the CSD is available

On Sun, Dec 6, 2015 at 6:52 PM, Andrew Falk <falk0069 at gmail.com> wrote:
> Hopefully, no matter what the admins configure, as long as you can get one OS to connect you can get another OS to connect by just mimicking the valid one.  The hard part is capturing the encrypted data so you can mimic it.

Yeah, this was a pain for me too.  I wound up using a combination of
stunnel 3, tcpflow, and fake DNS entries a few years ago.  There are
probably better ways.

I also noticed that if you tried to trick Windows AnyConnect into
using another IP by modifying your HOSTS file, it would quietly revert
your changes.

I wonder if it might be easier to use a modified version of ocserv
(possibly even setting up a permanent public host that anyone can use)
than to try to MITM the session between AnyConnect and your company's
VPN.  It could issue the CSD challenge and then spit out a ready-made
wrapper script matching your configuration on a web page.

FWIW, a while back somebody had success using a tweaked version of the
OpenSSL library to log AnyConnect's traffic.  This was on Linux,
though.  It might be documented in the list archives.


