Firewall Wizards mailing list archives
Re: Possibility of replay attacks in manually keyed IPsec?
From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 06 Dec 1999 10:38:49 -0600
At 08:53 AM 12/03/1999 +0100, Mikael Olsson wrote:
I'd imagine that if IPsec itself uses fixed encryption keys, it would be vulnerable to replay attacks, but this is not the case. Here, we only handle fixed keys to IKE, so the fixed keys only get used in the SA negotiation.
The original version of IPSEC was vulnerable to replay attacks, but the revised IPSEC incorporates features to detect and reject replayed packets. The use of nonces in IKE should prevent replay, assuming the nonces are appropriately random. The use of anti replay features in the latest IPSEC should likewize prevent successful replay attacks. As noted in a followup, IPSEC's original replay weakness is hard to exploit (but perhaps not impossible) if you're worried about TCP connections, since the sequence numbers make it hard to splice in the replayed packet. However, classic NFS doesn't have any replay protection, so you could retransmit a "write" operation and have it accepted. Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 03)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Steve Goldhaber (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Stefan Norberg (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Chris Cappuccio (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Rick Smith (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 07)
- <Possible follow-ups>
- RE: Possibility of replay attacks in manually keyed IPsec? Ben Nagy (Dec 05)