Too big or too small? The PTB-PTS ICMP-based attack against IPsec gateways

机译：太大还是太小？基于PTB-PTS ICMP的IPsec网关攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

This work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits.

机译：这项工作介绍了针对IPsec网关的基于“ ICMP攻击”的“ Packet Too Big”-“ Packet Too Small”。我们说明了攻击者如何从不安全的网络（仅看到加密的数据包）具有窃听和数据包注入功能，如何迫使网关将IPsec隧道的Path MTU减小到最小，从而触发该网关后面的主机的严重问题：根据使用的路径MTU发现算法，攻击可能会造成拒绝服务或严重的性能损失。这次攻击突出了我们讨论的两个基本问题，以及在保持ICMP利益的同时减轻攻击的潜在对策。

著录项

来源
《IEEE Global Communications Conference》|2014年|530-536|共7页
会议地点
作者
Jacquin Ludovic; Roca Vincent; Roch Jean-Louis;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
IP networks; computer network security; IPsec gateways; PTB-PTS ICMP-based attack; denial of service; internet control message protocol; packet too big; packet too small; path MTU discovery algorithm; path maximum transmission unit discovery; Cryptography; IP networks; Information systems; Logic gates; Payloads; Protocols;

机译：IP网络;计算机网络安全; IPsec网关;基于ICMP的PTB-PTS攻击;拒绝服务;互联网控制消息协议;数据包太大;数据包太小;路径MTU发现算法;路径最大传输单位发现;密码学; IP网络信息系统逻辑门负载协议;

相似文献

外文文献
中文文献
专利

1. Methodology for Benchmarking IPsec Gateways [J] . Adam Tisovsky, Ivan Baroňák International Journal of Computer Network and Information Security . 2012,第9期

机译：对IPsec网关进行基准测试的方法
2. Gateway independent user-side wi-fi Evil Twin Attack detection using virtual wireless clients [J] . Omar Nakhila, Muhammad Faisal Amjad, Erich Dondyk, Computers & Security . 2018,第MAY期

机译：使用虚拟无线客户端的网关独立用户侧wi-fi Evil Twin Attack检测
3. Border Gateway Protocol Performance and its Protection against Disturbed Denial of Service attack [J] . Rakesh Kumar Achar, M. Swagath Babu, M. Arun Indian Journal of Science and Technology . 2015,第S2期

机译：边界网关协议性能及其对受干扰的拒绝服务攻击的防护
4. Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways [C] . Ludovic Jacquin, Vincent Roca, Jean-Louis Roch IEEE Global Communications Conference . 2014

机译：太大或太小了？基于PTB-PTS ICMP的攻击对抗IPsec网关
5. Design of Lightweight Alternatives to Secure Border Gateway Protocol and Mitigate against Control and Data Plane Attacks. [D] . Israr, Junaid. 2012

机译：设计轻型替代方案以保护边界网关协议并缓解控制和数据平面攻击。
6. Empirical Performance and Energy Consumption Evaluation of Container Solutions on Resource Constrained IoT Gateways [O] . Syed M. Raza, Jaeyeop Jeong, Moonseong Kim, 2021

机译：资源受限IOT网关集装箱解决方案的经验性能和能耗评估
7. Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways [O] . Ludovic Jacquin, Vincent Roca, Jean-louis Roch 2015

机译：太大还是太小？基于pTB-pTs ICmp的Ipsec网关攻击

Too big or too small? The PTB-PTS ICMP-based attack against IPsec gateways

摘要

著录项

相似文献

相关主题

期刊订阅