Firewall Wizards mailing list archives

Re: IKE DoS (a little off-topic)


From: "Josef Pojsl" <josef.pojsl () skynet cz>
Date: Fri, 3 Mar 2000 13:51:04 +0100


Neil,

there has been a detailed discussion on IKE DoS attacks and methods to block
them on the IPsec mailing list. You can reach it at ipsec () lists tislabs com
(archives at ftp://ftp.tis.com/pub/lists/ipsec/)
You can find more information at http://www.ietf.org/html.charters/ipsec-charter.html

Regards,
Josef


On Wed, Mar 01, 2000 at 09:06:04PM -0500, Neil Buckley wrote:
Someone had made mention that the IKE process in IPSec could fall prey
to some basic DoS type attacks.  Since I have been involved in a large
VPN deployment I was interested in determining exactly what attacks have
occurred and how the risk can be mitigated.  Is the attack a theory?
I.e., one "could" flood the tunnel termination point with bogus requests
ultimately running it out of resources, or have there been actual
situations where this type of attack was successfully used?

So far my search has produced little data, I have read the RFC and the
token that was implemented as a throttling mechanism for such an attack,
but I have yet to find any hard core evidence that suggests IKE is
susceptible to a basic DoS and if it is how do you reduce the risk of
falling victim to it.

Does anyone have any thoughts or pointers related to this subject?


