According to NISCC, it is possible for an attacker to intercept packets flowing between two IPsec devices, make changes to the encapsulation packet and then access the plaintext form of the inner packet.
"By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner (encrypted) packet," the organization said in a statement.
The attacks apply to potentially any configuration of IPsec using Encapsulating Security Payload (ESP) in tunnel mode with "confidentiality" only, or with integrity protection being provided by a higher layer protocol. Some configurations using Authentication Header (AH) to provide integrity protection are also vulnerable.
NISCC advises that "attacks have been implemented and demonstrated to work under realistic conditions." It recommended configuring ESP to use both confidentiality and integrity protection.
It added that the AH protocol should be used alongside ESP to provide integrity protection. Alternatively, error reporting could be removed by restricting the generation of ICMP messages or by filtering these messages at a firewall or security gateway.
_(33).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
_(1).jpg&h=140&w=231&c=1&s=0)
