This paper analyzes a man-in-the-middle attack against IKEv1 that targets the aggressive mode of the IKEv1 key exchange under pre-shared-key authentication. The attack is carried out in two steps: first, the pre-shared key is recovered through IKEv1's offline password exhaustion; then, with the pre-shared key in hand, the Diffie-Hellman (DH) man-in-the-middle attack principle is applied to IKEv1 aggressive mode, realizing a man-in-the-middle attack on IKEv1. By analyzing the man-in-the-middle attack principle for this mode, the conditions and implementation method of a man-in-the-middle attack on IKEv1 aggressive mode are derived, and its danger to IPsec is evaluated. Because this mode has a username enumeration vulnerability, an attacker can exhaustively search for the pre-shared key offline, so the threat of an IKE man-in-the-middle attack is real in practice. It is recommended that aggressive mode not be used for key negotiation in IPsec VPNs and that the security protection of intermediate routers be strengthened.
In this paper, a man-in-the-middle attack on IKEv1 is discussed and analyzed; it is based on the aggressive mode of the IKEv1 key exchange with pre-shared-key authentication. The conditions and implementation methods of the attack are obtained by analyzing the principle of the attack on IKEv1 in this mode. To carry out the man-in-the-middle attack, the pre-shared key is first obtained by exhaustive search using IKEv1's offline password attack. The theory of the Diffie-Hellman (DH) man-in-the-middle attack is then applied to the aggressive mode of IKEv1. Because the mode has offline password leaks that allow the pre-shared key to be obtained, the conclusion is that the attack would jeopardize IPsec VPNs in practice.
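The abstract's recommendation is to stop using aggressive mode for IPsec VPN key negotiation. A defender can check for it on the wire, because the ISAKMP fixed header (RFC 2408, section 3.1) carries the exchange type in a single byte, and aggressive mode is exchange type 4 while main mode (Identity Protection) is type 2. The following is an added example, not code from the paper: a small parser for the 28-byte ISAKMP header that flags IKEv1 aggressive-mode messages in UDP/500 traffic. The sample packets are constructed inline and are not captured data.

```python
import struct
from dataclasses import dataclass

# ISAKMP fixed header (RFC 2408, section 3.1), 28 bytes, network byte order:
#   initiator cookie (8), responder cookie (8), next payload (1),
#   version (1: major nibble, minor nibble), exchange type (1), flags (1),
#   message ID (4), total length (4). IKEv2 (RFC 7296) keeps the same layout.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")

# Exchange type values defined in RFC 2408
EXCHANGE_TYPES = {
    0: "NONE",
    1: "Base",
    2: "Identity Protection (Main Mode)",
    3: "Authentication Only",
    4: "Aggressive",
    5: "Informational",
}
AGGRESSIVE = 4


@dataclass
class IsakmpHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    major_version: int
    minor_version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_isakmp_header(data: bytes) -> IsakmpHeader:
    """Parse the fixed ISAKMP header from the start of a UDP/500 payload."""
    if len(data) < ISAKMP_HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, npld, ver, xchg, flags, mid, length = ISAKMP_HEADER.unpack_from(data)
    return IsakmpHeader(icookie, rcookie, npld, ver >> 4, ver & 0x0F, xchg, flags, mid, length)


def is_aggressive_mode(data: bytes) -> bool:
    """True when the datagram is an IKEv1 (major version 1) aggressive-mode exchange."""
    hdr = parse_isakmp_header(data)
    return hdr.major_version == 1 and hdr.exchange_type == AGGRESSIVE


def is_aggressive_first_message(data: bytes) -> bool:
    """The initiator's opening aggressive-mode message has an all-zero responder cookie.
    That message is the one that carries the peer identity in the clear."""
    hdr = parse_isakmp_header(data)
    return is_aggressive_mode(data) and hdr.responder_cookie == b"\x00" * 8


def build_ikev1_header(exchange_type: int, responder_cookie: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample header (hypothetical cookies, IKEv1, next payload SA=1)."""
    return ISAKMP_HEADER.pack(b"\x11" * 8, responder_cookie, 1, 0x10, exchange_type, 0, 0, 28)


# Constructed sample datagrams for the audit, not real captures.
SAMPLE_PACKETS = {
    "main_mode_first": build_ikev1_header(2),
    "aggressive_first": build_ikev1_header(4),
    "aggressive_reply": build_ikev1_header(4, responder_cookie=b"\x22" * 8),
    # IKEv2 IKE_SA_INIT: version 2.0, exchange type 34, next payload SA (33), initiator flag
    "ikev2_sa_init": ISAKMP_HEADER.pack(b"\x33" * 8, b"\x00" * 8, 33, 0x20, 34, 0x08, 0, 28),
}


def audit(packets: dict) -> list:
    """Return the names of all packets that use IKEv1 aggressive mode."""
    return [name for name, pkt in packets.items() if is_aggressive_mode(pkt)]


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        hdr = parse_isakmp_header(pkt)
        label = EXCHANGE_TYPES.get(hdr.exchange_type, f"type {hdr.exchange_type}")
        print(f"{name}: IKEv{hdr.major_version}, {label}, aggressive={is_aggressive_mode(pkt)}")
```

In a monitoring pipeline the same check would be applied to the payload of every UDP datagram to or from port 500; any hit on `is_aggressive_first_message` identifies a gateway that still accepts or initiates aggressive-mode negotiation and should be reconfigured to main mode or migrated to IKEv2, as the abstract recommends.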