ICMP: an Attack Vector against IPsec Gateways

Ludovic Jacquin 1, 2, * Vincent Roca 1 Jean-Louis Roch 2, *
* Corresponding author
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
2 MOAIS - PrograMming and scheduling design fOr Applications in Interactive Simulation
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
Abstract : In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted network (he only sees ciphered packets), can force a gateway to reduce the Path MTU of an IPsec tunnel to a minimum, which in turn creates serious issues for devices on the trusted network behind this gateway: depending on the Path MTU discovery algorithm, it either prevents any new TCP connection (Denial of Service), or it creates major performance penalties (more than 6 seconds of delay in TCP connection establishment and ridiculously small TCP segment sizes). After detailing the attack and the behavior of the various nodes, we discuss some counter measures, with the goal to find a balance between ICMP benefits and the associated risks.
Keywords : security network IPsec ICMP
Document type :
Preprints, Working Papers, ...
Complete list of metadatas

Cited literature [18 references]  Display  Hide  Download

https://hal.inria.fr/hal-00879997
Contributor : Ludovic Jacquin <>
Submitted on : Tuesday, November 5, 2013 - 11:10:54 AM
Last modification on : Tuesday, November 19, 2019 - 2:06:22 AM
Long-term archiving on: Thursday, February 6, 2014 - 4:35:56 AM

File

paper.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00879997, version 1

Citation

Ludovic Jacquin, Vincent Roca, Jean-Louis Roch. ICMP: an Attack Vector against IPsec Gateways. 2013. ⟨hal-00879997⟩

Share

Metrics

Record views

740

Files downloads

964