Bugtraq mailing list archives
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 30 Jul 2006 15:50:58 +0200 (CEST)
On Fri, 28 Jul 2006, Eloy Paris wrote:
The attack against the Internet Key Exchange (IKE) protocol described in the NTA Monitor advisory exploits the stateless nature of the IKE version 1 protocol. The goal of such an attack is to deplete the resources available on a device to negotiate IKE security associations, and block legitimate users from establishing a new security association.
"Stateless"? Wasn't it supposed to read "stateful"? --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills (Jul 26)
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris (Jul 29)
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky (Jul 31)
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris (Jul 29)