Vulnerability Development mailing list archives

Re: Microsoft IKE DoS... source port 500?


From: "Crist J. Clark" <cristjc () earthlink net>
Date: Mon, 31 Dec 2001 22:10:33 -0500

On Sat, Dec 29, 2001 at 06:26:14PM -0500, Abe L. Getchell wrote:
[snip]

> (from http://www.ietf.org/rfc/rfc2408.txt)
>
> 2.5.1 Transport Protocol
>
>    ISAKMP can be implemented over any transport protocol or over IP
>    itself.  Implementations MUST include send and receive capability for
>    ISAKMP using the User Datagram Protocol (UDP) on port 500.  UDP Port
>    500 has been assigned to ISAKMP by the Internet Assigned Numbers
>    Authority (IANA). Implementations MAY additionally support ISAKMP
>    over other transport protocols or over IP itself.
>
> Notice that this doesn't specify that IKE packets _must_ have a source
> port of 500, it simply says 'port 500'.  Can someone point me to any
> piece of documentation which specifies that IKE packets _must_ have a
> source port of 500?  Is this one of those 'unofficial standards' and
> hence the reason for Microsoft's implementation processing these packets
> as normal?

IMHO, demanding that IKE datagrams have a source port of 500 is the
"more buggy" behavior. The RFC says you must be able to "receive on"
and "send on" port 500. It does not say anything about the port we
"send to" or "receive from."
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark () alum mit edu
                                   |     cjclark () jhu edu
http://people.freebsd.org/~cjc/    |     cjc () freebsd org
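
The two readings of RFC 2408 section 2.5.1 discussed in this thread, as an added example that is not part of the original message: a receive-side check that either accepts any source port or insists on source port 500. The function names, the `require_src_500` switch and the sample datagram are constructed for illustration; the fixed header layout follows RFC 2408 section 3.1.

```python
import struct

ISAKMP_PORT = 500  # UDP port assigned to ISAKMP by IANA (RFC 2408, 2.5.1)
# Fixed ISAKMP header, 28 octets (RFC 2408, 3.1): initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, length.
HEADER = struct.Struct("!8s8sBBBBII")


def parse_header(datagram):
    """Return the fixed ISAKMP header as a dict, or None if it is malformed."""
    if len(datagram) < HEADER.size:
        return None
    icookie, rcookie, nxt, version, exchange, flags, msg_id, length = \
        HEADER.unpack_from(datagram)
    # Length counts header plus payloads; it cannot be shorter than the
    # header or claim more octets than were actually received.
    if length < HEADER.size or length > len(datagram):
        return None
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": nxt,
            "version": (version >> 4, version & 0x0F), "exchange": exchange,
            "flags": flags, "msg_id": msg_id, "length": length}


def accept(src_port, dst_port, datagram, require_src_500=False):
    """Decide whether a received UDP datagram is handed to the IKE daemon.

    require_src_500=False: only the local port is checked ("receive on" 500).
    require_src_500=True:  the stricter rule that also demands source port 500.
    """
    if dst_port != ISAKMP_PORT:
        return False
    if require_src_500 and src_port != ISAKMP_PORT:
        return False
    return parse_header(datagram) is not None


def sample_message(payload=b"\x00" * 20):
    """Constructed datagram: ISAKMP 1.0 header, exchange type 2, dummy body."""
    return HEADER.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0,
                       HEADER.size + len(payload)) + payload


if __name__ == "__main__":
    msg = sample_message()
    for src in (500, 40123):  # 40123 stands in for any ephemeral source port
        print(src, "any-source:", accept(src, 500, msg),
              "strict:", accept(src, 500, msg, require_src_500=True))
```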

