Re: A tool for crafting ESP packets

From: Nelson Brito (nelson@tw-award.com)
Date: 09/25/01 

Message-ID: <00a001c14601$1fe138d0$01000001@pitbull>
From: "Nelson Brito" <nelson@tw-award.com>
To: "Emre Yildirim" <emre.yildirim@us.army.mil>, "Loki" <loki@fatelabs.com>
Subject: Re: A tool for crafting ESP packets
Date: Tue, 25 Sep 2001 17:31:27 -0300

: Loki wrote:
:
: > Also, AH isn't a "packet" it
: > provides authentication mechanisms for IP datagrams and protection
against
: > replay attacks.

So, AH and ESP is a packet, in "IPSec Securing VPNs" from RSA Press, the
author Carlton R. Davis shays:
pg. 199: "In tunnel mode AH is inserted before the original IP header and a
new IP header is inserted in front of the AH."

So, you'll see this "PACKET" like a "AH PACKET", am I wrong? I don't think
so.

See the diagrams:
IPv4 Header before applying AH:
[variable-length] [transport protocol] [transport protocol]
[ option filed ] [ header ][ data ]

IPv4 Header after apllying AH:
[new IP Header] [ authentication ] [original IP header] [TPH] [TPD]
[ option field ] [header, a.k.a AH] [ option field ] [ ]
[ ]

: Then "ESP" isn't really a packet either, since it's just the encrypted
: payload. By the way, you can have a "AH" packet i.e.

Good point of view. ;-)

: Just my $0.02 on this.

Send me the number of yours Bank account. ;-)

Sem mais, 

--
# Nelson Brito
# Security Consultant and Penetration Tester
while(<>){split(//, $_); print reverse @_;}

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: ipforwarding enabled, what can I do
    ... set network on the internal side. ... The simplest thing to do is use a packet crafting program and construct ... >> from the Internet without success. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Ascend Pipeline 85 - Passing an "esp" packet
    ... Does anyone know if there is a way to pass an inbound "esp" packet through ... an Ascend Pipeline 85 firewall, when the firewall is on the external ... pipeline and the remote location. ...
    (comp.security.firewalls)
  • Re: IPSEC ESP questions
    ... :payload in ESP packet? ... Of course there are other protocols. ... years (taking into account leap years but not correcting for leap ...
    (comp.security.misc)
  • RE: ipforwarding enabled, what can I do
    ... Loose source routing- means you set "Loose Source Routing" ... hops is due to IP header size limitations. ... Your IP packet will travel ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Generating Dropped Packets
    ... Subject: Generating Dropped Packets ... While technically not a pen test, I am trying to do something that I think ... switch/router to recognize that the packet needs to be dropped. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)