Firewall Wizards mailing list archives

Re: Possibility of replay attacks in manually keyed IPsec?

From: Mikael Olsson <mikael.olsson () enternet se>
Date: Tue, 07 Dec 1999 09:40:33 +0100


So, the reason I'm hearing rumors about replay attacks against IPsec
is probably because IPsec didn't use to utilize sequence number fields?
(Which it does today)

That floats my boat.

Could also go a long way towards explaining why I've never seen
this demonstrated to me, but only heard it through "rumours".

Thanks
/Mike

Rick Smith wrote:

The original version of IPSEC was vulnerable to replay attacks, but the
revised IPSEC incorporates features to detect and reject replayed packets.
The use of nonces in IKE should prevent replay, assuming the nonces are
appropriately random. The use of anti replay features in the latest IPSEC
should likewize prevent successful replay attacks.


-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se

Current thread:

Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 03)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Steve Goldhaber (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Stefan Norberg (Dec 05)
  - Re: Possibility of replay attacks in manually keyed IPsec? Chris Cappuccio (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Rick Smith (Dec 06)
  - Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 07)
- <Possible follow-ups>
- RE: Possibility of replay attacks in manually keyed IPsec? Ben Nagy (Dec 05)