Firewall Wizards mailing list archives

Re: Possibility of replay attacks in manually keyed IPsec?

From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 06 Dec 1999 10:38:49 -0600

At 08:53 AM 12/03/1999 +0100, Mikael Olsson wrote:

I'd imagine that if IPsec itself uses fixed encryption keys,
it would be vulnerable to replay attacks, but this is not
the case. Here, we only handle fixed keys to IKE, so the
fixed keys only get used in the SA negotiation.


The original version of IPSEC was vulnerable to replay attacks, but the
revised IPSEC incorporates features to detect and reject replayed packets.
The use of nonces in IKE should prevent replay, assuming the nonces are
appropriately random. The use of anti replay features in the latest IPSEC
should likewize prevent successful replay attacks.

As noted in a followup, IPSEC's original replay weakness is hard to exploit
(but perhaps not impossible) if you're worried about TCP connections, since
the sequence numbers make it hard to splice in the replayed packet.
However, classic NFS doesn't have any replay protection, so you could
retransmit a "write" operation and have it accepted.


Rick.
smith () securecomputing com
"Internet Cryptography" at http://www.visi.com/crypto/

Current thread:

Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 03)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Steve Goldhaber (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Stefan Norberg (Dec 05)
  - Re: Possibility of replay attacks in manually keyed IPsec? Chris Cappuccio (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Rick Smith (Dec 06)
  - Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 07)
- <Possible follow-ups>
- RE: Possibility of replay attacks in manually keyed IPsec? Ben Nagy (Dec 05)