Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper. Year: 2014

Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

Abstract

This work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits.
Main file
globecom14_ptb-pts_attack.pdf (240.04 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01052994, version 1 (29-07-2014)

Identifiers

  • HAL Id: hal-01052994, version 1

Cite

Ludovic Jacquin, Vincent Roca, Jean-Louis Roch. Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways. IEEE Global Communications Conference (GLOBECOM'14), John Donovan (general chair), Dec 2014, Austin, United States. ⟨hal-01052994⟩