The presentation is at http://www.io.com/~mdfranz/papers/howsecure.ppt and
the last dozen or so slides deal with potential IKE security issues. I
don't think the 12 byte issue was in the prezo, but similar malformed
IKE/AH/ESP messages can be generated with udpsic and isic.
- mdf
> While I don't remember if it included tools, there was a paper on
> pen-testing an IPSEC gateway at the Cansecwest conference 2 years ago. The
> gist of it was that it is possible to cause a (defeatable) denial of service
> in the first 12 bytes of an initial connection it was otherwise pretty
> secure. That of course doesn't necessarily go for the management web interface
> on the VPN gateway (there was also a paper on penetrating those at the same
> conference). That should at least give you a place to start poking :-).
> I believe the web site is www.cansecwest.com (google will find it in any case).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> top spam and e-mail risk at the gateway.
> SurfControl E-mail Filter puts the brakes on spam & viruses
> and gives you the reports to prove it. See exactly how much
> junk never even makes it in the door. Free 30-day trial:
> http://www.securityfocus.com/SurfControl-pen-test
top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.securityfocus.com/SurfControl-pen-test
Received on Apr 07 2003
Intro
