Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
From: henry.sieff@xxxxxxxxx
Date: 7 Aug 2006 22:24:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Cisco recommends a workaround which essentially sets a limit on the number of 
outstanding SA's and drops new SA requests if they exceed that limit (outlined 
in 
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a0080229125.html)

It seems to me that this will not accomplish much - presumably the determined 
attacker will simply continue to send packets - as soon as the number of SA'ss 
drops below that limit the attacker will simply fill up the queue again. Am I 
missing something about the vulnerability or the supposed fix from Cisco?

Follow-Ups:
- RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  - From: Lance Seelbach

Prev by Date: RE: [Full-disclosure] RE: when will AV vendors fix this???
Next by Date: Re: [Full-disclosure] Attacking the local LAN via XSS
Previous by thread: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
Next by thread: RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
Index(es):
- Date
- Thread