[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] AW: [FW-1] security hole isakmp
Nessus is testing for a DoS vulnerability in how IKE daemons respond to false requests for key negotiation. The nessus mailing list archives have a good discussion on this (http://msgs.securepoint.com/nessus). >From that thread, the plugin that checks for the vulnerability does this: 1) if the host/network generates ICMP errors AND port 500 is closed, the script will exit before spitting any packets out 2) if the host/network generates ICMP errors AND port 500 is open, the script will run, then check to see if the port has closed 3) if the host/network does not generate ICMP erros AND port 500 is closed, the script will still run but will fail to reach the security_hole() function. 4) if the host/network does not generate ICMP errors AND port 500 is open, the script will run but will fail to reach the security_hole() function Step two is where the script actually tries to generate the bogus traffic. If the port is closed afterwards, it assumes the DoS was successful. Doug On Fri, 2002-05-03 at 03:42, Jochen Vogel wrote: > i take a tcpdump on the scanner and found out the following > > nmap didn´t found the port > > 09:33:26.858000 scanner.57345 > firewall.isakmp: udp 0 > 09:33:26.876045 firewall > scanner: icmp: firewall udp port isakmp > unreachable > > > nessus found the port > > 09:35:49.411438 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.422596 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.423850 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.431030 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.434197 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.441981 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.445098 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.453705 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.456342 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.465671 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.467281 scanner.isakmp > firewall.isakmp: udp 379 > 09:35:49.470999 scanner.vlsi-lm > firewall.isakmp: udp 0 > 09:35:49.475742 firewall > scanner: icmp: firewall udp port isakmp > unreachable > 09:35:49.487013 firewall > scanner: icmp: firewall udp port isakmp > unreachable > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= -- Doug Maxwell <[email protected]> Senior Network Engineer, Integralis-US ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|