Foiling an Attack - Defeating IPSec Tunnel Fingerprinting
Authors
Abstract
This paper addresses some of the discriminants that make IPSec tunnel fingerprinting possible. Fingerprinting of VPN-tunnel endpoints may be desirable for forensic purposes, but in the hands of individuals of ill intent, it undermines an enterprise network’s perimeter security. Three ways of preventing the ill-use of this type of fingerprinting are presented. The first two apply to enterprises wishing to make their VPN tunnels immune to fingerprinting. The third delves deeper into the conceptual, and is directed at the standards definition process, as used by the Internet Engineering Task Force (IETF), and at authors of security-related RFCs in particular. It addresses aspects in the Internet Key Exchange version 1 (IKEv1) RFC that have led to misinterpretations on the part of IPSec implementers, and describes the use of a form of process algebra known as Communicating Sequential Processes (CSP) in defining security-related standards to overcome RFC-related ambiguities.
Similar resources
Uncovering identities: A study into VPN tunnel fingerprinting
Operating System fingerprinting is a reconnaissance method which can be used by attackers or forensic investigators. It identifies a system's identity by observing its responses to targeted probes, or by listening on a network and passively observing its network ‘etiquette’. The increased deployment of encrypted tunnels and Virtual Private Networks (VPNs) calls for the formulation of new finger...
Stealth DoS Attacks on Secure Channels
We initiate study of the use of ‘secure tunnel’ protocols, specifically IPsec, and its availability and performance guarantees to higher-layer protocols, in particular TCP, against Denial/Degradation of Service (DoS) attacks. IPsec is designed to provide privacy and authentication against MITM attackers, and employs an anti-replay mechanism to ensure performance. For our analysis, we define a n...
Enhanced encapsulated Security payload a New Mechanism to Secure Internet Protocol Version 6 over Internet Protocol Version 4
A considerable amount of time will be needed before each system in the Internet can convert from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6). Three strategies have been proposed by the Internet Engineering Task Force (IETF) to help the transition from IPv4 to IPv6 which are dual stack, header translation and tunneling. Tunneling is used when two computers using IPv6 wa...
Network Working Group, Request for Comments: 3193, Category: Standards Track, November 2001. B. Patel (Intel); B. Aboba, W. Dixon (Microsoft); G. Zorn, S. Booth (Cisco Systems). Securing L2TP using IPsec
Securing L2TP using IPsec Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This d...