IPsec vulnerable, warns NISCC

By

A major security flaw in an IPsec protocol has been reported by the UK's National Infrastructure Security Co-ordination Centre (NISCC).

According to NISCC, it is possible for an attacker to intercept packets flowing between two IPsec devices, make changes to the encapsulation packet and then access the plaintext form of the inner packet.


"By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner (encrypted) packet," the organization said in a statement.

The attacks apply to potentially any configuration of IPsec using Encapsulating Security Payload (ESP) in tunnel mode with "confidentiality" only, or with integrity protection being provided by a higher layer protocol. Some configurations using Authentication Header (AH) to provide integrity protection are also vulnerable.

NISCC advises that "attacks have been implemented and demonstrated to work under realistic conditions." It recommended configuring ESP to use both confidentiality and integrity protection.

It added that the AH protocol should be used alongside ESP to provide integrity protection. Alternatively, error reporting could be removed by restricting the generation of ICMP messages or by filtering these messages at a firewall or security gateway.

www.niscc.gov.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?