> -----Original Message-----
> From: Paul Wouters <[email protected]>
> Sent: Tuesday, August 14, 2018 11:33 AM
> To: Scott Fluhrer (sfluhrer) <[email protected]>
> Cc: Valery Smyslov <[email protected]>; [email protected]
> Subject: Re: [IPsec] Fwd: [Security] Cisco Patches Its Operating Systems
> Against New IKE Crypto Attack
> 
> On Tue, 14 Aug 2018, Scott Fluhrer (sfluhrer) wrote:
> 
> >> They also do some number games about how many packets you need to
> >> send and how fast, and I found their description confusing. I think
> >> they change SPI (cookies) and so these would be "new" exchanges so
> >> this has to be the DH component, but even if you break DH in
> >> IKEv2, you haven't broken the AUTH payload
> >
> > This is not a MITM attack, this is an impersonation attack.
> 
> If it is not a MITM, then the original connection will establish.

What original connection?  Mallet (the attacker) claims to be Alice (a valid 
node), and initiates to Bob.  When Mallet needs to include Alice's signature in 
the exchange, he performs a Bleichenbacher attack against the real Alice, to 
compute what the signature needs to be.  Then, Mallet uses that signature to 
fool Bob into thinking he is talking to Alice.  Since Alice never had any idea 
she was supposed to be talking to Bob, she'll never send any packets his way...

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
