Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On Fri, 28 Jul 2006, Eloy Paris wrote:

> The attack against the Internet Key Exchange (IKE) protocol described
> in the NTA Monitor advisory exploits the stateless nature of the IKE
> version 1 protocol. The goal of such an attack is to deplete the
> resources available on a device to negotiate IKE security associations,
> and block legitimate users from establishing a new security association.

"Stateless"? Wasn't it supposed to read "stateful"?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."