Re: A tool for crafting ESP packets

From: Loki (loki@fatelabs.com)
Date: 11/25/01


Message-Id: <200111251917.fAPJHuG15355@pa-lnx01.fatelabs.com>
From: Loki <loki@fatelabs.com>
To: "Nelson Brito" <nelson@tw-award.com>, "Emre Yildirim" <emre.yildirim@us.army.mil>
Subject: Re: A tool for crafting ESP packets
Date: Sun, 25 Nov 2001 14:17:56 -0500

Nelson,
I think you are misunderstanding. AH (Authentication Header), ESP
(Encapsulating Security Payload), etc. are all headers in an IPSec packet.
There is no such thing as "sending an AH packet". When I referred to my
previous post as a tool to craft "ESP packets" I am in other words saying,
"crafting IPSec packets". As all of these headers make up the IP Security
protocol suite.

Loki
www.fatelabs.com

On Tuesday 25 September 2001 04:31 pm, Nelson Brito wrote:
> : Loki wrote:
> : > Also, AH isn't a "packet" it
> : > provides authentication mechanisms for IP datagrams and protection against
> : > replay attacks.
>
> So, AH and ESP is a packet, in "IPSec Securing VPNs" from RSA Press, the
> author Carlton R. Davis says:
> pg. 199: "In tunnel mode AH is inserted before the original IP header and a
> new IP header is inserted in front of the AH."
>
> So, you'll see this "PACKET" like a "AH PACKET", am I wrong? I don't think
> so.
>
> See the diagrams:
> IPv4 Header before applying AH:
> [variable-length] [transport protocol] [transport protocol]
> [ option field ] [ header ][ data ]
>
> IPv4 Header after applying AH:
> [new IP Header] [ authentication ] [original IP header] [TPH] [TPD]
> [ option field ] [header, a.k.a AH] [ option field ] [ ]
> [ ]
>
> : Then "ESP" isn't really a packet either, since it's just the encrypted
> : payload. By the way, you can have a "AH" packet i.e.
>
> Good point of view. ;-)
>
> : Just my $0.02 on this.
>
> Send me the number of your bank account. ;-)
>
> Nothing more,
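
The header chain discussed in this thread (tunnel-mode AH: new IP header, AH, original IP header, transport header), as an added example that is not part of the original messages: a small Python parser that walks the headers of a constructed sample datagram. The function names and the sample addresses, SPI and sequence values are assumptions made for illustration.

```python
import struct

PROTO = {6: "TCP", 17: "UDP"}

def ipv4_header(proto, src, dst, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def walk_headers(pkt):
    """Return the chain of headers in an IPv4 datagram as (name, detail) tuples."""
    chain, off, proto = [], 0, 4          # the buffer itself starts with an IPv4 header
    while off < len(pkt):
        if proto == 4:                    # IPv4: IHL gives the length, byte 9 the next protocol
            ihl = (pkt[off] & 0x0F) * 4
            nxt = pkt[off + 9]
            chain.append(("IPv4", f"protocol={nxt}"))
            off, proto = off + ihl, nxt
        elif proto == 51:                 # AH: next header, payload len, reserved, SPI, seq, ICV
            nxt, plen, _, spi, seq = struct.unpack_from("!BBHII", pkt, off)
            chain.append(("AH", f"next={nxt} spi={spi:#x} seq={seq}"))
            off, proto = off + (plen + 2) * 4, nxt   # length is in 32-bit words minus 2
        elif proto == 50:                 # ESP: only SPI and sequence number are in the clear
            spi, seq = struct.unpack_from("!II", pkt, off)
            chain.append(("ESP", f"spi={spi:#x} seq={seq}"))
            break                         # its next-header field sits in the encrypted trailer
        else:
            chain.append((PROTO.get(proto, f"proto {proto}"), "payload"))
            break
    return chain

# Constructed sample: tunnel-mode AH laid out as in the quoted diagram.
inner = ipv4_header(6, [10, 0, 0, 1], [10, 0, 0, 2], 20) + bytes(20)  # original IP header + TCP
ah = struct.pack("!BBHII", 4, 4, 0, 0x1234, 1) + bytes(12)            # 12-byte ICV, zeroed
SAMPLE = ipv4_header(51, [192, 0, 2, 1], [192, 0, 2, 2], len(ah) + len(inner)) + ah + inner

if __name__ == "__main__":
    for name, detail in walk_headers(SAMPLE):
        print(f"{name:5} {detail}")
```

On the wire there is a single IP datagram whose protocol field is 51; AH is one header in the chain, and its own next-header value of 4 points at the original IP header.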
