Finns find Internet ISAKMP flaw

TheShadow Member Posts: 1,057
All of you may wish to read this. The Finns have found a reasonably large hole in internet security that opens DoS problems.

http://www.theinquirer.net/?article=27690
Who knows what evil lurks in the heart of technology?... The Shadow DO

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,893
    I wonder if the flaw is in the design of ISAKMP or only in specific implementations of it. There's no way to really tell from the information given in just these articles. We'll have to wait for the blackhats to reverse-engineer the patches and publish write-ups on the real details of the vulnerability.

    The funny thing is that this may force a lot of businesses to update their IOS firmware who don't want to for fear of incompatibilities with older Cisco equipment:

    www.zdnet.com.au/news/security/soa/VPN_flaws_cause_router_patching_nightmare/0,2000061744,39222408,00.htm

    Compared to all the DoS vulnerabilities in the design of TCP/IP, this ISAKMP issue is hardly a drop in the bit bucket. I wonder how serious it will actually turn out to be.
  • TheShadow Member Posts: 1,057
    You make some very good points, JD. One can only wonder, with it so close to the holidays, if exploits will break out during the normal year-end personnel exodus.
    Who knows what evil lurks in the heart of technology?... The Shadow DO
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,893
    This isn't a flaw that'll open up the possibility of an Internet worm or anything that we will notice. This is a vulnerability specific to IPv6 networks and IPSec-based VPNs.

    My guess is any exploits that appear will be mostly session hijacking and/or man-in-the-middle attacks on VPN routers and concentrators, and possibly on secure IPv6 (ESP) sessions.

    I'm glad this is getting fixed now rather than years from now when IPv6 and IPSec will be much more commonly used.