Thank you Hans-Joreg for your quick reply. On 5/13/05, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote: > Use esp with enc+auth, as written in isampd.conf(5). > > > On Fri, May 13, 2005 at 01:28:29PM +0200, Johan P. Lindstrvm wrote: > > I am trying to set up ESP tunnels with ISAKMPD myself, but I am far > > from an IPSec pro, does anyone know what would be "best practice" in > > the light of this event? > > > > / Johan P > > > > On 5/13/05, Peter Galbavy <[EMAIL PROTECTED]> wrote: > > > FYI; This is not specific, but should be interesting to misc@ readers. > > > > > > http://www.theregister.co.uk/2005/05/12/ipsec_crypto_alert/ > > > > > > which point to: > > > > > > http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en > > > > > > "Three attacks that apply to certain configurations of IPsec have been > > > identified. These configurations use Encapsulating Security Payload > > > (ESP) in tunnel mode with confidentiality only, or with integrity > > > protection being provided by a higher layer protocol. Some > > > configurations using AH to provide integrity protection are also > > > vulnerable." > > > > > > Peter > > > > -- > pub 1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer > <[EMAIL PROTECTED]> > Key fingerprint = 83D2 436A 0D3C 34A9 E0FF 4C33 35F6 617C 513A EFD9
Re: General IPsec configuration vunerabilities (links)
=?ISO-8859-1?Q?Johan_P=2E_Lindstr=F6m?= Fri, 13 May 2005 07:27:14 -0700
- Re: General IPsec configuration vu... Hans-Joerg Hoexer
- =?ISO-8859-1?Q?Johan_P=2E_Lindstr=F6m?=
