Re: A tool for crafting ESP packets

From: Emre Yildirim (emre.yildirim@us.army.mil)
Date: 11/25/01 

Message-ID: <3C00FDC4.4080803@us.army.mil>
Date: Sun, 25 Nov 2001 08:18:44 -0600
From: Emre Yildirim <emre.yildirim@us.army.mil>
To: Loki <loki@fatelabs.com>
Subject: Re: A tool for crafting ESP packets

Loki wrote:

> Also, AH isn't a "packet" it
> provides authentication mechanisms for IP datagrams and protection against
> replay attacks.

Then "ESP" isn't really a packet either, since it's just the encrypted
payload. By the way, you can have a "AH" packet i.e.

tunnel AH packet (good for gateway-to-gateway connections)
[IP header 1] [AH] [IP Header 2] [TCP Header] [data]

transport AH packet (host-to-host)
[IP header 1] [AH] [TCP header 2] [data]

The authentication header provides integrity for the IP header, the
encapsulating security payload just secures everything in the packet
that follows the header.

Just my $0.02 on this.

> RFC 2402:
> ftp://ftp.isi.edu/in-notes/rfc2402.txt
>
> Loki
> www.fatelabs.com 

-- 
Emre Yildirim <emre@asper.org>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • [NEWS] Downgrading the Oracle Native Authentication
    ... Get your security news from a reliable source. ... Oracle native authentication protocols are typical challenge-response ... After some negotiation the client sends the username. ... calls it packet version ...
    (Securiteam)
  • Re: [fw-wiz] Security policy language
    ... specification language for the definition of a security policy, ... something that should let to specify the policy at organizational ... taxonomy, not an actual grammar. ... a log line or whatever (i.e., a packet filter or regex), a vulnerability ...
    (Firewall-Wizards)
  • [NEWS] Borland Interbase 2007 Integer Overflow
    ... Get your security news from a reliable source. ... Borland Interbase 2007 Integer Overflow ... overflow when a malformed packet is sent to the default TCP port 3050. ...
    (Securiteam)
  • [UNIX] Security Analysis of VTun
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... An attacker can modify ... Packet forwarding: ... password) as encryption key. ...
    (Securiteam)
  • [NEWS] Multiple IPSEC Implementations Do Not Adequately Validate Authentication Data (DoS)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... IPSEC supports integrity and authentication for IP traffic by including a ... It includes specification for two types of packets, ESP ... packet level encryption. ...
    (Securiteam)