- TalkBack 3 of 5:
- Next »
- « Previous
- Thread View
- Flat View
- Yes, but...
-
I don't see why restricting ICMP traffic would not allow a packet sniffer to do it's job. In other words, if a router and/or VPN server is compromised and the packets are being captured on the attackers machine, what difference does ICMP traffic being blocked make? All the hacker has to do is put a packet sniffer somewhere on the network, which is entirely too easy to do in most cases.
I'd say the most important detail in the article is this...
"The NISCC includes a number of solutions to this issue in its advisory."
By reading the solutions on the actual advisory, it sounds to me like IPSEC is only vulnerable if it's not implemented properly...
http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
Solution
- - --------
Any of the following methods can be used to rectify this issue:
1. Configure ESP to use both confidentiality and integrity protection. This is the recommended
solution.
2. Use the AH protocol alongside ESP to provide integrity protection. However, this must be done
carefully: for example, the configuration where AH in transport mode is applied end-to-end and
tunnelled inside ESP is still vulnerable.
3. Remove the error reporting by restricting the generation of ICMP messages or by filtering
these messages at a firewall or security gateway. - Posted by: nikoli Posted on: 05/12/05 You are currently: a Guest | Members login | Terms of Use
Didn't I read somewhere...
alaricd | 05/12/05
|
|
Just read the advisory
toomuchgreeatea@... | 05/12/05
|
 
Yes, but...
nikoli | 05/12/05
|
|
Just another IPSec flaw...
failover | 05/13/05
|
|
And then there is this...
Henrick Ericcson | 05/13/05
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
-
-
Smart Tech
Expert advice on innovations in healthcare and the green technologies that make it happen.
Find out more
-
Smart Business
Discussion and advice on management issues that revolve around making your world smarter and more useful.
More Smart Advice
-
Smart People
The best and worst moves in the management and strategy trenches.
Learn More
