Vulnerability Development mailing list archives
Re: IPSec research
From: mhudack () EUGENE KASHPUREFF ORG (Mike Hudack)
Date: Sat, 25 Mar 2000 11:09:24 -0500
In general, IPSEC seems to be the "be all end all" of encrypted network traffic. Unfortunately, there are difficulties. My company's working on a product which was originally going to use IPSEC - we ran across several problems, however. IPSEC, although having been arround for a while, seems to be relatively untested and has several flaws - authentication and handshaking seems to be the biggest problem we came across, but not the only ones. In general I feel better recommending other tunneling protocols, we moved over to a modified SSH implementation. Good luck, Mike Hudack Chief Scientist: Knowledge Propulsion Laboratory 203.838.7129 mhudack () kplab com On Fri, 24 Mar 2000, Bep Verberk wrote:
I'm trying to locate some research/documents/papers discussing the use of IPSec to provide enhanced security. Aside from the obvious performance hit, people seem to be talking like this is the "silver bullet" for security over IP. Surely, there must be some inherent flaws ? What about the need for a trusted key exchange system ? Is that vulnerable ? Perhaps a good idea in theory will fall apart due to bad implementations, riddled with buffer overflow exploits and DOS vulnerabilities ?? Any thoughts, ideas, pointers ? Cheers.
Current thread:
- AIM 3.0 Buffer Overflow exploit, (continued)
- AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
- Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
- Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)
- AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 15)
- Re: spoofing the ethernet address James A. Robbins (Mar 15)
- Re: spoofing the ethernet address Pierre Landau (Mar 21)
- Re: spoofing the ethernet address Ex Machina (Mar 22)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 24)
- IPSec research Bep Verberk (Mar 24)
- Re: IPSec research Dug Song (Mar 24)
- Re: IPSec research Mike Hudack (Mar 25)
- Re: IPSec research potential problem areas. Patrick Denton (Mar 25)
- Re: spoofing the ethernet address Ex Machina (Mar 22)