I'm trying to pentest an IPSEC implementation with no Auth in Tunnel mode for a Uni Project.
After sniffing an ESP packet (which contains an ICMP) with Wireshark, the attacker sends the same packet with Scapy to Host A. The problem is that Router A does not forward anything to its Host A.
I am also using Scapy with the ESP implementation from https://github.com/secdev/scapy
This is my configuration:
HOST A: 10.0.1.10
ROUTER A NIC-1: 10.0.1.24
ROUTER A NIC-2: 192.168.100.1
HOST B: 10.0.2.10
ROUTER B NIC-1: 10.0.2.24
ROUTER B NIC-2: 192.168.100.2
ATTACKER: 192.168.100.3
After I use sendp from the ATTACKER machine, I see the ESP packet on Router A:
06:03:03.088236 IP 192.168.100.2 > Tirith: ESP(spi=0xc18c8ed9,seq=0x1b), length 120
Sadly, nothing happens on HOST A.
I can do the same thing without the ESP, with a simple ICMP packet, and everything works: Router A gets the packet and forwards it to HOST A, so it seems that the interface is also set correctly.
Am I missing something here?