Re: A tool for crafting ESP packets

From: Loki (loki@fatelabs.com)
Date: 11/25/01


Message-Id: <200111251917.fAPJHuG15355@pa-lnx01.fatelabs.com>
From: Loki <loki@fatelabs.com>
To: "Nelson Brito" <nelson@tw-award.com>, "Emre Yildirim" <emre.yildirim@us.army.mil>
Subject: Re: A tool for crafting ESP packets
Date: Sun, 25 Nov 2001 14:17:56 -0500

Nelson,
I think you are misunderstanding. AH (Authentication Header), ESP
(Encapsulating Security Payload), etc. are all headers in an IPSec packet.
There is no such thing as "sending an AH packet". When I referred to my
previous post as a tool to craft "ESP packets" I am in other words saying,
"crafting IPSec packets", as all of these headers make up the IP Security
protocol suite.

Loki
www.fatelabs.com

On Tuesday 25 September 2001 04:31 pm, Nelson Brito wrote:
> : Loki wrote:
> : > Also, AH isn't a "packet" it
> : > provides authentication mechanisms for IP datagrams and protection against
> : > replay attacks.
>
> So, AH and ESP is a packet, in "IPSec Securing VPNs" from RSA Press, the
> author Carlton R. Davis says:
> pg. 199: "In tunnel mode AH is inserted before the original IP header and a
> new IP header is inserted in front of the AH."
>
> So, you'll see this "PACKET" like an "AH PACKET", am I wrong? I don't think
> so.
>
> See the diagrams:
> IPv4 Header before applying AH:
> [variable-length] [transport protocol] [transport protocol]
> [ option field ] [ header ][ data ]
>
> IPv4 Header after applying AH:
> [new IP Header] [ authentication ] [original IP header] [TPH] [TPD]
> [ option field ] [header, a.k.a AH] [ option field ] [ ]
> [ ]
>
> : Then "ESP" isn't really a packet either, since it's just the encrypted
> : payload. By the way, you can have a "AH" packet i.e.
>
> Good point of view. ;-)
>
> : Just my $0.02 on this.
>
> Send me the number of your bank account. ;-)
>
> That's all,
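
The layout argued over in this thread can be checked by walking the next-protocol chain of a datagram. The following is an added example, not code from the thread or from the tool it discusses: it builds a constructed tunnel-mode AH datagram and a constructed ESP datagram, then lists the headers each one contains. All addresses, SPIs, sequence numbers and the all-zero ICV are made-up sample values, and the function names are hypothetical.

```python
import socket
import struct

AH, ESP, IPIP = 51, 50, 4               # IANA protocol numbers
NAMES = {6: "TCP", 17: "UDP"}

def ipv4_header(proto, payload_len, src, dst):
    """Minimal 20-byte IPv4 header, no options, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_hdr, spi, seq, icv):
    """AH: next header, length (32-bit words minus 2), reserved, SPI, seq, ICV."""
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def sample_ah_tunnel():
    """Constructed sample: new IP header | AH | original IP header | TCP stub."""
    inner = ipv4_header(6, 20, "10.0.0.1", "10.0.1.1") + bytes(20)
    ah = ah_header(IPIP, 0x1000, 1, bytes(12))   # all-zero ICV, not a real MAC
    return ipv4_header(AH, len(ah) + len(inner), "192.0.2.1", "198.51.100.1") + ah + inner

def sample_esp():
    """Constructed sample: IP header | ESP SPI + sequence | opaque bytes."""
    esp = struct.pack("!II", 0x2000, 7) + bytes(32)
    return ipv4_header(ESP, len(esp), "192.0.2.1", "198.51.100.1") + esp

def walk(datagram):
    """Return the headers found in one IPv4 datagram, outermost first."""
    chain, proto, off = [], IPIP, 0
    while off < len(datagram):
        if proto == IPIP:
            chain.append("IPv4")
            proto, off = datagram[off + 9], off + (datagram[off] & 0x0F) * 4
        elif proto == AH:
            nxt, plen, _, spi, seq = struct.unpack_from("!BBHII", datagram, off)
            chain.append(f"AH spi={spi:#x} seq={seq}")
            proto, off = nxt, off + (plen + 2) * 4
        elif proto == ESP:
            spi, seq = struct.unpack_from("!II", datagram, off)
            chain.append(f"ESP spi={spi:#x} seq={seq}")
            break    # payload and ESP trailer (holding next-header) are normally encrypted
        else:
            chain.append(NAMES.get(proto, f"proto {proto}"))
            break
    return chain

if __name__ == "__main__":
    print(" | ".join(walk(sample_ah_tunnel())))
    print(" | ".join(walk(sample_esp())))
```
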
