Fuzz Testing with the IPsec AH Protocol

Overview

This topic describes how to test IPsec (Internet Protocol Security) using the beSTORM IPsec AH module.

Fuzz testing with beSTORM

To test IPsec with beSTORM, do the following:

  1. Install beSTORM Client on a computer that is not in use or on a network and assign an IP address to it. This will create the beSTORM server.

  2. Set up the target IPsec machine on another computer that is also not in use or on a network and assign an IP address to it.

  3. On the beSTORM server, go to https://npcap.com/, and then download and install the Npcap network device driver for Windows.

  4. Open Command Prompt on the beSTORM server, and then enter the following command to start the Npcap driver:

    sc start npcap

    NOTE: If the "[SC] StartService FAILED 1056" error message appears, then the driver is already running.

  5. Using an Ethernet cable, connect the beSTORM server to the IPsec computer. Do not include a switch between the two computers.

  6. Open beSTORM Client.

  7. Select New Project. The beSTORM New Project Wizard opens.

  8. On the Welcome page, do the following:

    1. In the Project Name box, enter a name.

    2. Optionally, select a different file location for your project in the Location Name box.

    3. Leave Please select the wizard set to Simple.

    4. Leave Perform a port scan, and service detection and assist me in choosing the relevant module unchecked.

  9. Select Next.

  10. On the Basic Configuration page, do the following:

    1. In the beSTORM's predefined modules list, select IPsec AH.

    2. In the Network Device list, select Network Device (Npcap).

  11. Select Next.

  12. On the Module Environment page, do the following:

    1. Destination Address - Double-click on the Value box. In the MAC Address Finder dialog, enter the IP Address of the IPsec computer and then select Find. The MAC Address box will refresh and display the MAC address of the IPsec computer. Select OK.

    2. Sender IP Address - In the Value box, enter the IP address of the beSTORM server.

    3. Source Address - Double-click on the Value box. In the MAC Address Finder dialog, enter the IP Address of the beSTORM server and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM server. Select OK.

    4. Destination IP Address - In the Value box, enter the IP address of the IPsec computer.

  13. Select Next.

  14. On the Extra Configuration page, ensure the ARP Echo and ICMP Echo checkboxes are selected. Leave all other parameters at their default settings.

  15. Select Next.

  16. On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.

  17. If an exception occurs once your test begins (that is, an attack was successful), a message will appear in the Exception Information dialog informing you that the remote server is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.

  18. When testing is complete, select Report from the Test Information pane to view a short report of your test. To generate a more comprehensive report of your test, select Report > Generate Report from the beSTORM Client.
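
The following pre-flight script is an added example, not part of beSTORM or its documentation. Run from an elevated PowerShell prompt on the beSTORM server, it starts the Npcap driver as in step 4 and collects the four values that the Module Environment page asks for in step 12. The default target address `192.0.2.10` is a placeholder and must be replaced with the IP address of the IPsec computer.

```powershell
# Added example: pre-flight check before creating the beSTORM IPsec AH project.
# $TargetIp is a placeholder; pass the real address of the IPsec computer.
param([string]$TargetIp = '192.0.2.10')

# Step 4: start the Npcap driver. Use sc.exe explicitly, because "sc" is an
# alias for Set-Content in Windows PowerShell. Exit code 1056 is the
# "already running" case described in the NOTE.
sc.exe start npcap | Out-Null
if ($LASTEXITCODE -notin 0, 1056) {
    throw "Npcap driver did not start (sc.exe exit code $LASTEXITCODE)."
}

# Send a few echo requests over the direct link so that Windows resolves the
# target's MAC address and stores it in the neighbor (ARP) cache.
if (-not (Test-Connection -ComputerName $TargetIp -Count 2 -Quiet)) {
    Write-Warning "No ICMP echo reply from $TargetIp. Check the cable and both IP addresses."
}

# Destination Address: the MAC address of the IPsec computer.
$neighbor = Get-NetNeighbor -IPAddress $TargetIp -ErrorAction Stop |
    Where-Object { $_.State -notin 'Unreachable', 'Incomplete' } |
    Select-Object -First 1
if (-not $neighbor) {
    throw "No resolved neighbor entry for $TargetIp."
}

# Sender IP Address and Source Address: taken from the local interface that
# reached the target, so the values match the directly connected adapter.
$localIp = Get-NetIPAddress -InterfaceIndex $neighbor.ifIndex -AddressFamily IPv4 |
    Select-Object -First 1
$adapter = Get-NetAdapter -InterfaceIndex $neighbor.ifIndex

# Print the values using the field names from the Module Environment page.
[pscustomobject]@{
    'Destination Address'    = $neighbor.LinkLayerAddress
    'Sender IP Address'      = $localIp.IPAddress
    'Source Address'         = $adapter.MacAddress
    'Destination IP Address' = $TargetIp
    'Network adapter'        = $adapter.Name
} | Format-List
```

The MAC Address Finder dialog in the wizard should report the same two MAC addresses; a mismatch suggests that traffic is leaving through a different adapter than the direct Ethernet link.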