Re: Major TCP Vulnerability

To: debian-security@lists.debian.org
Subject: Re: Major TCP Vulnerability
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Tue, 20 Apr 2004 21:33:01 -0400
Message-id: <[🔎] 20040421013301.GA26438@zionlth.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 00f301c42728$1d659c30$1b00a8c0@turing>
References: <[🔎] 87n0561fxx.fsf@deneb.enyo.de> <[🔎] 00f301c42728$1d659c30$1b00a8c0@turing>

On Tue, 20 Apr 2004 at 06:37:50PM -0400, Steve Ramage wrote:
> Stupid Question, I don't understand how IPSec is secure. Can't you just
> kill the IPSec connection, or is IPSec connectionless? As I understand
> it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you
> have [ TCP Header | encrypted([TCP HEADER | TCP DATA]) ] that you could
> still kill.

IPSec uses AH (Auth Headers) to authenticate packets using
encryption/signing.  These packets are the "outer" packets.  The
encapsulated packets would still be vulnerable, but all information
about these packets are encrypted.  Furthermore, the IPSec endpoints
will typically not allow packets through from a peer network unless they
come via the IPSec tunnel (at least properly configured setups
won't...).

One the connection is on the LAN side of either IPSec endpoint it is
once again vulnerable to intruders on the LAN.  IPSec will get you
across the "untrusted" Internet though (unless someone pulls the plug at
OSI layer 1 or 2...)

Hope this answers your question.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import

Reply to:

References:
- Re: Major TCP Vulnerability
  - From: Florian Weimer <fw@deneb.enyo.de>
- RE: Major TCP Vulnerability
  - From: "Steve Ramage" <rospammedme@sjrx.net>

Prev by Date: Re: Major TCP Vulnerability
Next by Date: Réponse automatique d'absence du bureau : Failure
Previous by thread: Re: Major TCP Vulnerability
Next by thread: Re: Major TCP Vulnerability
Index(es):
- Date
- Thread