Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

Ludovic Jacquin; Vincent Roca; Jean-Louis Roch

Conference Papers Year : 2014

Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

(1) , (1) , (2)

1
2

Ludovic Jacquin

Function : Author
PersonId : 872240

Privacy Models, Architectures and Tools for the Information Society

Vincent Roca

Function : Correspondent author
PersonId : 552
IdHAL : vincent-roca
IdRef : 079885535

Connectez-vous pour contacter l'auteur

Privacy Models, Architectures and Tools for the Information Society

Jean-Louis Roch

Function : Correspondent author
PersonId : 2086
IdHAL : jean-louis-roch
IdRef : 075731002

Connectez-vous pour contacter l'auteur

PrograMming and scheduling design fOr Applications in Interactive Simulation

Abstract

This work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits.

Domains

Networking and Internet Architecture [cs.NI] Cryptography and Security [cs.CR]

Fichier principal

globecom14_ptb-pts_attack.pdf (240.04 Ko)

Origin : Files produced by the author(s)

Vincent Roca : Connect in order to contact the contributor

https://inria.hal.science/hal-01052994

Submitted on : Tuesday, July 29, 2014-12:24:17 PM

Last modification on : Thursday, April 4, 2024-6:18:23 PM

Long-term archiving on: Tuesday, November 25, 2014-8:12:29 PM

Dates and versions

hal-01052994 , version 1 (29-07-2014)

Identifiers

HAL Id : hal-01052994 , version 1

Cite

Ludovic Jacquin, Vincent Roca, Jean-Louis Roch. Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways. IEEE Global Communications Conference (GLOBECOM'14), John Donovan (general chair), Dec 2014, Austin, United States. ⟨hal-01052994⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-RENNES1 UGA CNRS INRIA INSA-LYON IRISA LIG INRIA2 UR1-MATH-STIC UR1-UFR-ISTIC UNIV-RENNES INSA-GROUPE UDL UR1-MATH-NUM LIG_SIDCH

413 View

732 Download

Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

Abstract

Domains

Dates and versions

Identifiers

Cite

Export

Collections

Share